Bonum Certa Men Certa

More Critical Vulnerabilities in Vista 7, Windows Left Unsafe for Another Month

Global warming



Summary: Microsoft does not patch serious flaws (it only patches one "critical" flaw, even in Vista 7) and many people are knocked offline as a result of Microsoft negligence

AS Microsoft prepares to patch critical problems in Vista and Vista 7 next week, it seems apparent that:

  1. Microsoft continues to be knowingly negligent when it comes to security (also see [1, 2])
  2. The latest version of Windows is just as vulnerable as predecessors and some experts say it is even more vulnerable


Among the posts which demonstrate the second point:



Here is the latest demonstration of the first point -- that Microsoft is being negligent. From The Register:

Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

[..]

That may lighten the load on IT admins, but it also means potentially serious vulnerabilities known to affect Internet Explorer 8 and Windows 7 will be allowed to fester for at least another 28 days.

As reported previously by El Reg, the IE 8 bug can enable attacks against people browsing websites that are otherwise safe to view. The flaw can be exploited to introduce XSS, or cross-site scripting, exploits on webpages, allowing attackers to inject malicious content and code. Ironically, it resides in a feature Microsoft added to harden the browser against that very type of attack.

[...]

Also remaining unfixed is a bug that allows an attacker to completely lock up systems running windows 7 and Windows 2008R2. The flaw, which resides in the OSes' SMB, or server message block, can be triggered remotely by sending malformed traffic that specifies incoming packets that are smaller or larger than they actually are. SMB is a network protocol used to provide shared access to files and printers.


More at IDG:

Microsoft Won't Fix Windows 7 Crash Bug Next Week



[...]

However, the company acknowledged that it does not yet have a fix for a crippling bug in Windows 7 that went public nearly two months ago.

The expected update will patch a vulnerability rated "critical" -- Microsoft 's most serious rating in its four-step scoring system -- in Windows 2000. The bug also affects Windows XP, Vista and Windows 7, as well as Windows Server 2003, Server 2008 and Server 2008 R2, but is tagged as "low" for those editions.


And more from the British news:

Websense warns on Microsoft rogue AV



Searches redirect to malicious sites


Here again is the latest consequence of having hundreds of millions of Windows zombie PCs out there.

About 30,000 customers of the Cheshire-based ISP Vispa were forced offline for almost 12 hours today by a DDOS attack traced to the Baltic state of Latvia.


That would be a whole day's work/leisure lost for approximately 30,000 customers (some of whom are entire families). What would the cost of this DDOS attack? Either way, Microsoft UK is profiteering from this (also outside the UK), almost always at the expense of taxpayers (externalities to them).

Recent Techrights' Posts

The Price of Exposing Corruption in Poland (and Elsewhere)
It's easier to participate in corruption than to merely do the right thing and oppose it
Abuse Inside the Polish Patent Office (UPRP) - Part IX: Minimum Wages For You (Experienced Scientist), Alicante/EU Paydays For Me (Unproductive, Corrupt Official)
Does UPRP maladministration extend to the false belief that qualified and experienced scientists can play the role of circus clowns?
"The Liberating Power of Simply Telling People the Truth."
'polite' bullying
Who Imitates Who? Plagiarist as Client (From Microsoft), 'Plagiarism' at the Law Firm?
let's revisit the subject
EPO's Central Staff Committee (CSC) Scrutinises the Man Who Illegally Grants (and Forces Others to Illegally Participate in Granting) Software Patents in Europe
EPO compels examiners to break the law in the name of obeying illegal "rules" or "orders"
The Latest Rumour Says The Next (as Correctly Predicted Before) Wave of Layoffs at Microsoft is 3 Weeks Away, "Larger Than the First Wave"
Step 2
TV Licensing Used to SPAM Your Postbox, Now It Does the Same to E-mail
First they ask for your E-mail address; then they start nagging you via E-mail
 
Twitter (X) is Dying, Now It's Just Like a Mafia-Type Operation of the Man Who Does Nazi Salutes in Public
a form of extortion
UK High Court Blasts Brett Wilson LLP for Misusing "GDPR" After Failed Efforts to Censor Critics Using 'Libel' Claims
No wonder this firm is rapidly shrinking
Recent Blunders in Microsoft GitHub (e.g. Slop-Generated Bug Reports or GPL Violations 'as a Service') Taking Their Toll?
Put bluntly, if you still use Microsoft GitHub, then you're slave to Microsoft
American Imperialism and Microsoft Plagiarism
Techrights will therefore do what Microsoft does not want it to do: it'll write even more about Microsoft
When They Have Nothing Left to Help Advance Abusive Litigation for Microsoft People... Other Than Throwing ~500 Pages of Someone Else's Work Into a PDF
Microsoft is having a very tough year
Slopwatch and Yet More Holes in 'Secure Boot' (as Usual!), Promoted Inside Linux by the Man We Are Suing
Today's Slopwatch will be short
Gemini Links 13/06/2025: People You've Left Behind, Life Update and OS Changes
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 12, 2025
IRC logs for Thursday, June 12, 2025
Links 12/06/2025: Portland Homeless Deaths Quadruple, COVID Cases Surge in Asia
Links for the day
EPO's Gareth Lord Asked About "Quality and Productivity" or, Put Another Way, Why the EPO Keeps Granting So Many Invalid/Illegal Patents
letter to Lord
The Toxic Playbook
Either you support Prince Mohammed bin Salman or you're a nazi
It's Possible That BetaNews Got Cracked, But Nobody Talks About It, The Site Contains an Outdated Old Image, No Activity
It's possible that they will never explain what happened to the site and users' accounts
Links 12/06/2025: Beach Boys’ Brian Wilson Dies
Links for the day
Gemini Links 12/06/2025: Video Game Diegesis and Steam Next Fest
Links for the day
Why the Militants Have Lost Every Battle Since 2022 (When Attacking My Wife and I in Various Ways, Even Attacking Our Employers)
This takes patience, sure, but at the end most evildoers face the consequences for their actions
Our Priority is Still Tackling Software Patents and Corruption in Patent Offices
Meanwhile we got compliments on our recent articles, which means that they are effective
Politics Will Impact Software Choices
Will those systems respect users' freedom?
EPO: Neglecting Children to Promote American Monopolies by Shielding Them From European Competition
Yesterday the Central Staff Committee at the EPO spoke about another "reform" at the Office
Slopwatch: Another Day, Another Slopfest, LLM Slop Scrapers Slow Down Our Site
We too have some slop issues; this past day this site and the sister site had to answer about 2.5 million requests (not counting Gemini Protocol) and it's slowing things down for everybody
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 11, 2025
IRC logs for Wednesday, June 11, 2025
Links 11/06/2025: More Vulnerabilities Found in 'Smart' Phones, China Extends Reach in the Pacific
Links for the day
Gemini Links 11/06/2025: Grain and Steam Next Fest
Links for the day
Links 11/06/2025: "Quantum" Hype From IBM, US Closer to Martial Law, and “The Nation” Celebrates Milestone
Links for the day
IBM's CEO Roasted, Sizzled and Grilled for Dumb and Inconsistent Vapourware Promises
It looks like being a chronic liar is what it takes to lead the company once synonymous with computing
IBM's Goal Is Not (and Never Was) Computer Users' Freedom
More than 1.5 decades ago I found IBM to be an "ally of convenience" because of OpenDocument Format (ODF)
Wayland Shows the IBM/Red Hat Way of Doing Things
IBM is trying to 'kill' X
GitHub is Proprietary, Controlled by Microsoft, and GPL Violation Warehouse
"IRS tax filing software [will be] released to the people as free software" ... In general this is good news
Slopfarm Catastrophe
Seems like BetaNews (or BetaNoise) has just suffered a major data loss and restored the site from a week-old backup
Abuse Inside the Polish Patent Office (UPRP) - Part VIII: Illegal Working Conditions
How many people need to die for these people to get their massive salaries?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 10, 2025
IRC logs for Tuesday, June 10, 2025