Bonum Certa Men Certa

Security Emergency at Microsoft, All Windows Users Are Vulnerable for Now

Windows users can cut the Internet cable to feel more secure

Cutting



Summary: Every version of Windows is open to attack which has already targeted very many users and no patches are available yet

MICROSOFT HAD MANY security issues last month. We covered many of them over the course of the past fortnight, but here are some newer items and items which we missed.



Some while ago Microsoft discovered a very major zero-day flaw, which made a lot of headlines including this one where Microsoft is shown to be confirming the problem.

Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.


"Microsoft Acknowledges Windows Shell Vulnerability," says another article from around the same time. "Microsoft Warns Of Attacks Exploiting Windows Shell Flaw," alerts CRN. This is an emergency which, according to OpenBytes begs for a vulnerability patch on Monday. For how many consecutive months must such embarrassments happen? Also in the news:



According to this new report, Microsoft's bad patches, which even Microsoft partners are scared to apply, leave many Windows installations unpatched and thus totally vulnerable on a permanent basis. Microsoft pulls support (as in security patches) for older versions of Windows (Windows 2000 and soon Windows Server 2003) and since upgrades are not free when it comes to Windows, more people are expected to have vulnerable machines. To Microsoft, it's just a business decision. When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.

“When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.”Microsoft is largely a PR company, so needless to say it has ways of downlplaying the severity of such issues, which may have made one in two Windows PCs a zombie PC (since 2008).

As evidence of Microsoft's PR crusade, look no further than the latest Microsoft Imagine Cup rubbish [1, 2, 3, 4, 5]. It's Microsoft advertising and it's a way of making the monopolist look like it is loved by children. It's an attempt to change the company's image and similar stunts currently come from Microsoft Malaysia. But that's another story for another day. The point we are trying to make here is that no matter how serious Microsoft's security problems are, it will always do lots of PR work to silence reporters. We have documented cases where Microsoft unleashes PR people at journalists (regarding Vista security) and in last month's news we found "Irvine PR firm honored for work related to Microsoft patches". Watch the body of this article:

Madison Alexander was honored for the agency's work on behalf of its client, Shavlik Technologies. By consistently positioning Shavlik as an expert on Patch Tuesdays – when Microsoft Corp. releases software security updates once a month on a Tuesday – the firm delivered "prominent references" to Shavlik in media coverage of Patch Tuesdays, according a statement from Madison Alexander.


Juniper, which is run by several Microsoft executives, seem to be trying something similar with occasional press releases that are consistent with the same template.

“Microsoft's security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do”This just shows how 'independent' the press really is and why. It's all distorted by PR, but the PR happens behind the scenes (the back end, so to speak). "atom42 Tops Agency Leaderboard in Microsoft Competition," says the headline of this new press release. "In a recent competition run by Microsoft to promote recently improved ‘decision engine’ Bing, online marketing agency atom42 outperformed larger rivals to win ‘blingin’ prizes." Awww... wonderful!

Microsoft's security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do [1, 2]. It is only making things worse because they take revenge and put all Windows users at risk. This is where Microsoft's attitudinal problem (arrogance and power games [1, 2, 3]) contributes to lack of security in its products. Some security experts are even leaving Microsoft. New example:

Security researcher and former Microsoft gadfly Marc Maiffret has returned to the company he started when he was a teenager, eEye Digital Security.


Until Microsoft's emergency security patch arrives everyone who uses Windows is at risk of being assembled into a botnet, "Experts predict extensive attacks of Windows zero-day," says this report, noting that "Security organizations... raised Internet threat levels to warn users that they expect widespread attacks using exploits of a just-acknowledged critical bug in all versions of Windows."

That's right, all versions are affected, Vista 7 included. A while ago Microsoft said that 25,000 PCs were attacked with the latest Windows zero-day flaw (the number is now higher) and it investigated issues it could prevent by simply changing its internal culture.

"Fuck! It took you a year to figure that out!"

--Bill Gates



"That’s the dumbest fucking idea I’ve heard since I’ve been at Microsoft."

--Bill Gates



Recent Techrights' Posts

[Meme] The Heart of Staff Rep
Rowan heartily grateful
 
Sven Luther, Lucy Wayland & Debian's toxic culture
Reprinted with permission from disguised.work
Coroner's Report: Lucy Wayland & Debian Abuse Culture
Reprinted with permission from disguised.work
Links 18/04/2024: Misuse of COVID Stimulus Money, Governments Buying Your Data
Links for the day
Gemini Links 18/04/2024: GemText Pain and Web 1.0
Links for the day
Gemini Links 18/04/2024: Google Layoffs Again, ByteDance Scandals Return
Links for the day
Gemini Links 18/04/2024: Trying OpenBSD and War on Links Continues
Links for the day
IRC Proceedings: Wednesday, April 17, 2024
IRC logs for Wednesday, April 17, 2024
Over at Tux Machines...
GNU/Linux news for the past day
North America, Home of Microsoft and of Windows, is Moving to GNU/Linux
Can it top 5% by year's end?
Management-Friendly Staff Representatives at the EPO Voted Out (or Simply Did Not Run Anymore)
The good news is that they're no longer in a position of authority
Microsofters in 'Linux Foundation' Clothing Continue to Shift Security Scrutiny to 'Linux'
Pay closer attention to the latest Microsoft breach and security catastrophes
Links 17/04/2024: Free-Market Policies Wane, China Marks Economic Recovery
Links for the day
Gemini Links 17/04/2024: "Failure Is An Option", Profectus Alpha 0.5 From a Microsofter Trying to Dethrone Gemini
Links for the day
How does unpaid Debian work impact our families?
Reprinted with permission from Daniel Pocock
Microsoft's Windows Falls to All-Time Low and Layoffs Reported by Managers in the Windows Division
One manager probably broke an NDA or two when he spoke about it in social control media
When you give money to Debian, where does it go?
Reprinted with permission from Daniel Pocock
How do teams work in Debian?
Reprinted with permission from Daniel Pocock
Joint Authors & Debian Family Legitimate Interests
Reprinted with permission from Daniel Pocock
Bad faith: Debian logo and theme use authorized
Reprinted with permission from Daniel Pocock
Links 17/04/2024: TikTok Killing Youth, More Layoff Rounds
Links for the day
Jack Wallen Has Been Assigned by ZDNet to Write Fake (Sponsored) 'Reviews'
Wallen is selling out. Shilling for the corporations, not the community.
Links 17/04/2024: SAP, Kwalee, and Take-Two Layoffs
Links for the day
IRC Proceedings: Tuesday, April 16, 2024
IRC logs for Tuesday, April 16, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Inclusion of Dissent and Diversity of Views (Opinions, Interpretations, Scenarios)
Stand for freedom of expression as much as you insist on software freedom
Examining Code of Conduct violations
Reprinted with permission from the Free Software Fellowship
Ruben Schade's Story Shows the Toxicity of Social Control Media, Not GNU/Linux
The issue here is Social Control Media [sic], which unlike the media rewards people for brigading otherwise OK or reasonable people
Upgrading IRCd
We use the latest Debian BTW
The Free Software Community is Under Attack (Waged Mostly by Lawyers, Not Developers)
Licensing and legalese may seem "boring" or "complicated" (depending on where one stands w.r.t. development), but it matters a great deal
Jonathan Cohen, Charles Fussell & Debian embezzlement
Reprinted with permission from disguised.work
Grasping at Straws in IBM (Red Hat Layoff Rumours in 2024)
researching rumours around Red Hat layoffs
GNU/Linux Continues to Get More Prevalent Worldwide (Also on the Desktop)
Desktops (or laptops) aren't everything, but...
Who is a real Debian Developer?
Reprinted with permission from Daniel Pocock
Links 16/04/2024: Many More Layoffs, Broadcom/VMware Probed (Antitrust)
Links for the day
Links 16/04/2024: Second Sunday After Easter and "Re-inventing the Wheel"
Links for the day
Upcoming Themes and Articles in Techrights
we expect to have already caught up with most of the administrivia and hopefully we'll be back to the prior pace some time later this week
Links 16/04/2024: Levente "anthraxx" Polyák as Arch Linux 2024 Leader, openSUSE Leap Micro 6 Now Alpha, Facebook Blocking News
Links for the day
Where is the copyright notice and license for Debian GNU/Linux itself?
Reprinted with permission from Daniel Pocock
Halász Dávid & IBM Red Hat, OSCAL, Albania dating
Reprinted with permission from the Free Software Fellowship
Apology & Correction: Daniele Scasciafratte & Mozilla, OSCAL, Albania dating
Reprinted with permission from the Free Software Fellowship
Next Week Marks a Year Since Red Hat Mass Layoffs, Another Round Would be "Consistent With Other Layoffs at IBM."
"From anon: Global D&I team has been cut in half."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, April 15, 2024
IRC logs for Monday, April 15, 2024