Bonum Certa Men Certa

Microsoft Breaks the Law by Not Patching Windows as Per the Agreement

Balance



Summary: Microsoft's legal obligations are hanging in the balance while Windows 2000 does not receive security patches

ABOUT a month ago we showed that Microsoft broke its contract with the customers by refusing to patch Windows XP. As it turns out, Microsoft is doing this with Windows 2000 as well.



Our reader Ryan, who is a former Microsoft MVP and an expert in this area, wrote in IRC: "You should drive home a point that you aren't when talking about Conficker and its brethren. Windows 2000 will be TEN YEARS OLD on February 17, 2010, and still manages to get at least a dozen security patches a month, even now. It's a good way to point out that no matter how many patches you install, there's always more vulnerabilities. Several thousand of them have been patched in Windows 2000 and it's still regularly patched. You would think that the patch rate would have slowed down and the OS would have more or less settled by now, but it's going to be patched from birth to abortion. You should also mention that companies won't necessarily throw out Windows 2000 on their systems just because it's out of support. From Wikipedia: 'On 8 September 2009, Microsoft skipped patching two of the five security flaws that were addressed in the monthly security update, saying that patching one of the critical security flaws was "infeasible".[93] According to the Microsoft Security Bulletin MS09-048, "The architecture to properly support TCP/IP protection does not exist on Microsoft Windows 2000 systems, making it infeasible to build the fix for Microsoft Windows 2000 Service Pack 4 to eliminate the vulnerability. To do so would require rearchitecting a very significant amount of the Microsoft Windows 2000 Service Pack 4 operating system, [...] there would be no assurance that applications designed to run on Microsoft Windows 2000 Service Pack 4 would continue to operate on the updated system."' Windows 2000 not only shares all the vulnerabilities in XP, Microsoft has started refusing to patch some while the damned thing is still supported (to try and force an upgrade). It's not the first time that Microsoft has refused a security patch for operating systems still in support, they left some critical Windows 98 and Windows NT 4 vulnerabilities unpatched, with a year left on the support lifecycle.

“In other words, Microsoft can flagrantly violate the hell out of their side of the agreement, but don't you dare to step out of line or install Windows on two systems with one license.”
      --Ryan
"Windows 2000 is supported until July of 2010, meaning that per their support agreement, every security patch should be delivered on until then, so they're violating their own support agreement, but insisting that you obey your obligations under their EULA. This is kind of like the times Microsoft was found violating their side of the privacy agreement in Windows Media Player 7 (they probably still do). In other words, Microsoft can flagrantly violate the hell out of their side of the agreement, but don't you dare to step out of line or install Windows on two systems with one license."

Fewa responds with: "Microsoft has always been an outlaw corporation. They only obey the laws that benefit them and disregard those that would dare limit their greed of monopoly. They even wish to impose on other those laws. It's not just that; of course having the government totally hijacked for 6 years did not help. The democrats got a majority in 2006 (in the house)."

"8 years," insists Ryan, "and I'd argue that they still do. Obama has packed the DOJ with more RIAA mafia types." Here is a collection of references.

Ryan is not optimistic. "They're one of the richest companies and have hundreds of lawyers," he says. "You could sue them, in theory, but they could just stall forever."

To summarise, writes Ryan: "What kind of confuses me is that according to Microsoft, breaking their EULA is "illegal", but when they break their side of the agreement it's OK as long as they can say "It would have been too much work to close that critical patch on Windows 2000." It would be like me saying "Well, I installed the same copy of Windows on ten computers cause it would have been too much of a strain on my finances to buy 9 more licenses"; Same defense they're trying, too much of a strain on limited resources, so it's OK to break the agreement."

In other news, Microsoft's cryptology is broken again.

Microsoft releases fix for crypto patch



[...]

The ocsasnfix.exe (direct download) program is to fix the glitch both in the client and in the server. In a knowledgebase article, Microsoft describes how to run the program and what other actions may need to be taken.


Perhaps Microsoft could not just disable the features this time around [1, 2].

Comments

Recent Techrights' Posts

Links 28/08/2025: Chatbots Distorting/Fabricating History and Also Driving Suicide
Links for the day
Open Source Initiative (OSI) Resists Software Freedom, Even by Attacking Its Own
The OSI is compromised
 
Richard Stallman (RMS) Talk in Ethereum Cypherpunk Congress Will be Remote
This past week RMS received lots of accolades online
The Register MS (Run by Microsoft Operatives): Free Software is Putin, Hence Evil and Dangerous
The current editor in chief is an American Microsofter, the previous one went to work for Google (US)
Gemini Links 28/08/2025: Back in Japan and Why "Hacker News" Sucks
Links for the day
A Much-Needed Wake-up Call to Users of Wordpress.com, Blogspot, Substack and All Those Other Outsourced (and Centralised) Platforms
There are several lessons in there
The UEFI 9/11 - Part II - Campaign of Censorship and Defamation Against Critics
In dictatorships, humour serves an important role. It's tragic.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 27, 2025
IRC logs for Wednesday, August 27, 2025
Slopwatch: linuxsecurity.com, Slopfarms in Google News, and More
Some readers of ours end up sending us links that are from slopfarms, not realising those are slopfarms
Gemini Links 27/08/2025: Katrina Memories and Google Versus Software Freedom
Links for the day
Links 27/08/2025: Police Against Media Freedom in the UK, Energy-Hungry Countries Targeted by China
Links for the day
Microsoft Windows Fell to All-Time Lows in Egypt This Summer, Vista 11 Adoption Decreases While GNU/Linux Increases
Vista 11 is going down rather than up
Links 27/08/2025: Microsoft Demoralises Staff With Slop Demands, Leaving Mastodon Explained
Links for the day
12 Hours Ago The Register MS Published a Fake (Paid-for) Article, But This One for a Change Did Not Promote a Ponzi Scheme
There are also Free software alternatives, but they don't pay The Register MS for "synthetic" so-called 'journalism'
More People Need to Call Out and Put a Stop to Serial Sloppers
Unless slopfarms are stopped, people will read and share Microsoft propaganda made by chatbots
Gemini Links 27/08/2025: Headphones and Tartarus
Links for the day
Morale at Microsoft is Terrible (Proprietary Plagiarism Machines Have No Future, LLM Slop is a Bubble)
The slop sceptics/critics are going to have lots of "told you so" moments
GNOME "governance issues, staff reduction, etc." amidst Albanian whistleblowing and women trafficking
Notice the connection to Software Freedom Conservancy (SFC) and GNOME
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, August 26, 2025
IRC logs for Tuesday, August 26, 2025
Richard Stallman (RMS) Was Right About "Sideloading" in 1996
We now have computers that treat booting GNU/Linux like an act of "Sideloading"
Panama: Windows Down From 97% "Market Share" to Less Than 30%
In 2009, Windows was measured at 97.24% (compared to 62.32% right now or less than 30% if one also counts Android)
The UEFI 9/11 - Part I - Introduction to Impending Catastrophe (Microsoft Preventing People From Booting Non-Windows Systems)
eight-part series
Why Techrights is Slow Today (Bot Floods)
We don't know if those bots are connected to LLMs (we have not checked), but that is a possibility
Slopwatch: DDoS Slop, LinuxBSDos.com Spam, and Slopfarms in Google News, Including webpronews.com
Among the news we also found fakes, albeit not so much today
Links 26/08/2025: "Ballooning Debt" in France and "Transnational Repression in the UK"
Links for the day
Gemini Links 26/08/2025: Listening to Alcest and Google Doing Evil (Users Installing Software is "Sideloading" and Prohibited)
Links for the day
Links 26/08/2025: DNS Tampering and TikTok Layoffs
Links for the day
Microsoft's Windows "Market Share" Overestimated
Microsoft's income sources are shrinking
We Shall See...
My wife and I are hardly the first victims of Brett Wilson LLP
This New Determination on a Case Echoes the Modus Operandi of Microsoft's Serial Strangler vs Techrights (Its Online Decision/Judgment Says Truth and Public Interest Defend the Publisher)
Noel Anthony Clarke hopefully has enough money left to pay his victims, which include the publishers
Going Offline
There was life before the Net
The Register MS Has Apparently Shut Down Its Office
It is basically a fake address on the face of it
There Are Also Expectations of IBM Layoffs Very Soon With "Narrative Control."
Some of them mention Red Hat and how IBM failed to achieve anything substantial with that acquisition
After at Least Two Rounds of Mass Layoffs in August Microsoft Said to Have "September Layoff Confirmed - Performance Based"
Those "M5 level meetings" sound plausible
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, August 25, 2025
IRC logs for Monday, August 25, 2025