Bonum Certa Men Certa

More Critical Vulnerabilities in Vista 7, Windows Left Unsafe for Another Month

Global warming



Summary: Microsoft does not patch serious flaws (it only patches one "critical" flaw, even in Vista 7) and many people are knocked offline as a result of Microsoft negligence

AS Microsoft prepares to patch critical problems in Vista and Vista 7 next week, it seems apparent that:

  1. Microsoft continues to be knowingly negligent when it comes to security (also see [1, 2])
  2. The latest version of Windows is just as vulnerable as predecessors and some experts say it is even more vulnerable


Among the posts which demonstrate the second point:



Here is the latest demonstration of the first point -- that Microsoft is being negligent. From The Register:

Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

[..]

That may lighten the load on IT admins, but it also means potentially serious vulnerabilities known to affect Internet Explorer 8 and Windows 7 will be allowed to fester for at least another 28 days.

As reported previously by El Reg, the IE 8 bug can enable attacks against people browsing websites that are otherwise safe to view. The flaw can be exploited to introduce XSS, or cross-site scripting, exploits on webpages, allowing attackers to inject malicious content and code. Ironically, it resides in a feature Microsoft added to harden the browser against that very type of attack.

[...]

Also remaining unfixed is a bug that allows an attacker to completely lock up systems running windows 7 and Windows 2008R2. The flaw, which resides in the OSes' SMB, or server message block, can be triggered remotely by sending malformed traffic that specifies incoming packets that are smaller or larger than they actually are. SMB is a network protocol used to provide shared access to files and printers.


More at IDG:

Microsoft Won't Fix Windows 7 Crash Bug Next Week



[...]

However, the company acknowledged that it does not yet have a fix for a crippling bug in Windows 7 that went public nearly two months ago.

The expected update will patch a vulnerability rated "critical" -- Microsoft 's most serious rating in its four-step scoring system -- in Windows 2000. The bug also affects Windows XP, Vista and Windows 7, as well as Windows Server 2003, Server 2008 and Server 2008 R2, but is tagged as "low" for those editions.


And more from the British news:

Websense warns on Microsoft rogue AV



Searches redirect to malicious sites


Here again is the latest consequence of having hundreds of millions of Windows zombie PCs out there.

About 30,000 customers of the Cheshire-based ISP Vispa were forced offline for almost 12 hours today by a DDOS attack traced to the Baltic state of Latvia.


That would be a whole day's work/leisure lost for approximately 30,000 customers (some of whom are entire families). What would the cost of this DDOS attack? Either way, Microsoft UK is profiteering from this (also outside the UK), almost always at the expense of taxpayers (externalities to them).

Recent Techrights' Posts

Windows Has Fallen to All-Time Lows in Switzerland Since GNU Celebrated 40th Anniversary (GNU’s 40th Birthday in Biel, Switzerland)
GNU/Linux has been doing well in Switzerland
One Person's Take on Jef Spaleta, the New Fedora Project Leader
"With a little searching, I wonder what else may be found regarding Microsoft."
LLM Slop Has Virtually Killed unixmen.com and Many Other Sites
There's no longer any incentive to write real articles in there
 
In Some Countries, Laptops and Desktops Become a Dying Breed (Even Before Tariffs), Windows Has Nowhere to Go
expect more GNU/Linux on new and existing laptops
When the Credibility or 'Quality' of Clients Ceases to Matter, It's About Helping Rich Companies Like Microsoft Censor Critics (No Matter the Risks)
Bad ideas typically result in undesirable outcomes
UAE: GNU/Linux and Android at Record Levels, Windows at New Lows and Falling Below Apple
Even iOS is measured as bigger than Windows this month
Links 07/04/2025: Reddit Occupied (Social Control Media Controlled by Oligarchy), Demise of Globalisation Ongoing
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 06, 2025
IRC logs for Sunday, April 06, 2025
Links 07/04/2025: Leaving Gemini/smolweb and Mastodon Migrations
Links for the day
In Iraq, Windows 3.1 (Percent)
There's also zero
Links 06/04/2025: Flood, Cool Gemini Capsule, and Long Form
Links for the day
Links 06/04/2025: Science, Politics, and Pricier Goods
Links for the day
Sharp Declines for Microsoft Windows in Bangladesh (Pop. ~175,000,000), Big Gains for GNU/Linux
Microsoft Windows has been having a really hard time in poor countries
Links 06/04/2025: Fake Reviews, Privatisation Heists, and "AI" as Smokescreen for Impoverishing Humans
Links for the day
Taking a Moral Stand Against Strategic Lawsuits Against Public Participation (SLAPPs) and the Worst Offenders/Facilitators
Any other stance would sidle with moral depravity or moral hazard
Links 06/04/2025: Many New Acts of Repression and Elements of Financial Depression
Links for the day
In Qatar GNU/Linux Rose From Under 1% to Over 4% in Two Years (or Over 5% If Counting ChromeOS)
It's a big improvement compared to what we saw last year
LLM Scrapers Are a Nuisance, But They're Also a Reminder It's Time to Make Your Site Static
Perhaps the best protection is the ability to endure surges
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 05, 2025
IRC logs for Saturday, April 05, 2025
Links 06/04/2025: Attacks on Education, Fake Patents, and Fake (Illegal) Patent Courts
Links for the day
France: Apple and Microsoft Down, GNU/Linux Up to New Record Levels
How will tariffs against France impact things in the coming months?
Open Source Initiative (OSI) Privacy Fiasco in Detail: What Was Reported to the California Privacy Protection Agency (CPPA)
We hope to finish this whole lot within a week, then move on to election, lobbying etc.
Links 05/04/2025: Tariffs Backfiring, YouTuber Arrested, X/Twitter Set to be Fined
Links for the day
Gemini Links 05/04/2025: Offline is For Everyone, Copyright Colonialism, and More
Links for the day
Links 05/04/2025: TikTok Unsold (Still), Royal Society is Dead
Links for the day
Techrights Will Spend the Next Few Years Writing a Lot About Strategic Lawsuits Against Public Participation (SLAPPs)
It's a growing problem
The State of EPO Staff's Health in Rijswijk or The Hague
We're going to cover the EPO some more later in the month
NVIDIA Corp Lost 36% of Its "Value" Since Cheeto Inauguration, But "Gen Hey Hi" (GenAI) is Totally Not a Bubble
Selling loads of unneeded hardware based on hysterical hype; like selling shovels during a Gold Rush
GNU/Linux Growing in East Asia, Windows by Default No More?
GNU/Linux is now on the shelf
Slopwatch: Anti-Linux 'Articles' From Linux-Hostile LLMs
It is almost always negative things and nobody can be held responsible for it except the charlatans prompting the LLMs
Links 05/04/2025: Fentanylware (TikTok) "Sale Looks Highly Imminent" (US), Stock Market Drowning in Panic
Links for the day
Gemini Links 05/04/2025: Moving Plants, No to Smartwatches, RAID Hygiene
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 04, 2025
IRC logs for Friday, April 04, 2025