Vista 7 Vulnerable to Latest “Critical” Flaws

Dr. Roy Schestowitz

2009-08-13 12:43:41 UTC
Modified: 2009-08-13 12:43:41 UTC

Patches integrated quickly before RTM

Summary: Microsoft uses a familiar stunt to pretend that Vista 7 is more secure and then makes a lot of noise about it

NOTHING will change when it comes to computer security once Vista 7 is finally released. We wrote about the subject in:

Using what Ryan has called a "sneaky" trick, Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of "critical" patches.

In his own words: "There's articles describing Windows 7 RTM as safe from the Patch Tuesday vulnerabilities that have been fixed in Vista and XP this month, but that's why Microsoft made 7600.16385 the RTM, they integrated those patches right before they declared it final, then said it was safe from the bugs that affected XP and Vista. 7600.16384 was almost the RTM, but they made a new build just for these."

“Microsoft hid the fact that Vista 7 too was vulnerable to the latest bucket of "critical" patches.”In short, he argues: "They applied all the patches, called that build the RTM, then said the RTM was unaffected. Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too. You wouldn't notice this unless you had been following the Windows 7 build process pretty closely.

"Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can't declare RTM again.

"They're still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you'd expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely." ⬆

“Great talker, great liar.”

--French Proverb

Comments

aeshna23

2009-08-13 14:50:53

I'm having trouble following this argument. Isn't our argument that Linux has far few vulnerabilities than Windows, and not that any operating system is going to have zero vulnerabilities for quite a while?

Roy Schestowitz

2009-08-13 15:59:01

I was pointing out Microsoft's dishonesty. GNU/Linux does not play those PR games. It is upfront about deficiencies and there's rarely a question about what's good for shareholders; it's about what's good for users.

Yuhong Bao

2009-08-13 17:12:35

Well, all this means is that 7600.16384 is affected by these security bugs, but the real RTM, 7600.16385, is not. So MS is right in claiming that the RTM is not affected. Normal, I think. "Watch what happens on Patch Tuesday in September and October and see how many of those bugs affect Windows 7 cause they can’t declare RTM again." Normal, I think, too. I remember the first patches released for XP RTM right on it's launch on October 25: http://support.microsoft.com/kb/309521 And not just for XP itself. Windows Movie Maker 1.1 and Windows Messenger 4.0 was shipped with XP, but by the time of the launch on October 25, Windows Movie Maker 1.2 and Windows Messenger 4.5 was already available. Here is a list: http://forums.windrivers.com/archive/index.php/t-39574.html http://news.cnet.com/2100-1001-274987.html
Yuhong Bao

2009-08-13 17:36:47

"Then [they] released a press release patting Windows 7 on the back for being more secure, even though at least half those bugs affected it too." That is where the trick probably is.
Yuhong Bao

2009-08-13 17:38:52

"They’re still patching Windows XP after 8 years. What does that tell you? I fired it up on my other laptop yesterday and had 9 security updates waiting. Well, after 8 years and ~4,000 patches you’d expect them to have tied up most of the loose ends. They said Windows XP was secure when it launched and they are *still* patching it routinely." That is I think normal too. Sometimes new features introduce new security holes, but this isn't always the case.

Roy Schestowitz

2009-08-13 17:54:01
Sometimes new features introduce new security holes, but this isn’t always the case.

GNU/Linux receives many patches, but:
1. Patches are distributed to all software from the repositories, not just the core O/S and core applications.
2. GNU/Linux distributions are often released once or twice a year. If you look at LTS releases (over time), then your comparison becomes more valid.
Windows XP hardly changes and the number of holes found in it so far is amazing. It was touted as very secure when it was released.

BetaNews Appears to Have Fired All Of Its Staff: Even serial sloppers
Gemini Protocol Turns 6 on Friday: Active (online) Gemini capsules are estimated by Lupa at over 3,000
Microsoft's "FUD-as-a-Service" (Against Linux) Not Functioning Well: This is the kind of contribution companies like Microsoft and Google have to offer to society
Betanews Becoming a Slopfarm is "Betanews Growing Alongside You", According to Betanews: Their first 'article' in over two weeks is 52% "AI-generated" (slop), 33% mixed (edited slop), 18% human-written, says an advanced scanner.
The Right to Know and the Freedom to Report on Crime (at the Higher Echelons): I'd like to do the same thing for the next 20 years
After the Web Becomes Slopped to Death: A lot of people are rightly fed up with the "modern" Web
Microsoft's Windows is a Niche Operating System in Africa: African nations aren't a large contributor to Microsoft's income, but if many African nations move away from Windows, then the monopoly is at risk
Like Most Social Control Media, Microsoft LinkedIn is Collapsing: One reason for Microsoft acquisitions is debt-loading, i.e. offloading and burying its debt
Microsoft is Losing Its Richest Clients: Unlike some very poor countries, Germany and the EU are a considerable source of income to Microsoft
Proprietary Means Not Secure: Proprietary software tends to rely on secrecy, not good design
Slop in 'AI' Clothing is a Passing Fad, We'll Get Past It (Like Blockchain Before That): Many people cheat in exams using slop and there are professionals that try using slop as a "shortcut"
GNOME Does Not Campaign Against Microsoft, KDE Does: It's good to see that KDE is still active in promotion of Free software - a term that it uses
Slopwatch: BetaNews, Linuxsecurity, and Other Prolific Slopfarms: name and shame the sites that establish such proliferation of slop
Gemini Links 18/06/2025: Birch Lake and Loon Pond: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 17, 2025: IRC logs for Tuesday, June 17, 2025
Links 17/06/2025: "The Grift Economy" and Kubernetes Does Proprietary: Links for the day
Coffee Day and LLM Sloppers: The LLM slop "bros" are a lot like fake-money bros; they lie to people, they boast that they lie to people, and they're generally bad people, BS artists in colloquial terms
Double-Dipping the Docket for Microsoft Glory and Censorship of Microsoft Critics: same lawyer, same barrister, all US, all Microsoft
TheLayoff Censorship of IBM Threads Has Gone Truly Ludicrous: we do not argue that TheLayoff should not cull LLM slop
More Stallmanites Added to FSF Board and Summer Fundraiser Commences: There's some good news from the FSF
Gemini Links 17/06/2025: Consistency and Notes About NixOS: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, June 16, 2025: IRC logs for Monday, June 16, 2025
July 2 2025 Would Not be First Big Wave of Microsoft Layoffs Before Major National Holiday: July 2 or 3 mark the start of a very long weekend in the US
IDG's NetworkWorld Seems to Have Just Become LLM Slop: If IDG (now controlled by China) does that in at least one site, why not the rest? Only a matter of time?
Gemini Links 16/06/2025: Free Lunches and Bookmarklet for Mastodon: Links for the day
IBM: Less Than a Month's Severance for Each Decade of Service: Yes, decade!
Taking a Lesson From Denmark and Greenland? Iceland Shows New Lows for Windows, All-Time Highs for GNU/Linux: If Microsoft sabotages systems of judges at the Hague (in order to appease the insane man who wanted to invade Greenland), why won't its neighbour Iceland take note?
BetaNews Has Just Deleted Its Latest 'Article' or Got Cracked Again and Restored From Outdated Backup Again: BetaNews seems to be in some serious trouble right now
Software Freedom is "Activism" Because the Corporate Agenda Revolves Around Bribery, Deceit, and Betrayal: At the end Software Freedom will win because it's on the same side as truth and lawfulness
The EPO, Europe's Largest Patent Office, Admits Outsourcing to Microsoft Slop: Their sole goal is to make more money
Links 16/06/2025: EchoLeak and NASA Teaming up With India: Links for the day
The Better the Understanding or the More Nations Understand the Threat Posed by Microsoft, the Faster It'll be Eradicated: We believe that the thing to advocate is self-hosting and Free software... A lack of simplicity or absence of alternatives is a form of vendor lock-in
A Week of Sunlight: They say transparency is like sunlight to a vampire
"Linux" Sites That Went Astray: there are even worse things than shutdowns
Links 16/06/2025: Climate, Wildfires, Breaches, and Monopolies: Links for the day
Links 16/06/2025: Summer in Finland and Misunderstandings: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, June 15, 2025: IRC logs for Sunday, June 15, 2025

Vista 7 Vulnerable to Latest “Critical” Flaws

Comments

Recent Techrights' Posts