Microsoft Security Worse Than Ever, All Windows Users Still Vulnerable
- Dr. Roy Schestowitz
- 2010-08-08 23:13:03 UTC
- Modified: 2010-08-08 23:13:03 UTC
Summary: Code red for Microsoft as just days after an "emergency" patch comes the largest-ever patchset and all versions of Windows still seem to be left open for attackers
LAST WEEK was an emergency week for Windows users [1, 2, 3], all of whom were left vulnerable to hijacking due to Microsoft's incompetence. Here is just one more article about it:
An emergency Windows software update will close a loophole in Microsoft’s operating system that makes it easy for hackers to take control of a computer using shortcuts
Have things truly improved after this emergency patch? Don't bet on it. Microsoft is breaking new records in this Tuesday's security update, which is said to plug 34 holes:
Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.
There is a lot more coverage about this [1, 2, 3, 4, 5, 6, 7, 8, 9] as "Microsoft [is] to issue record number of security bulletins next Tuesday" [via].
For those who think that 34 holes is the correct number, think again. Microsoft is patching its software silently and unethically, hiding some of the applied fixes so that the numbers it reports look lower. In other words, Microsoft is knowingly lying and giving fake numbers. Previously we wrote about how Microsoft also spurned researchers who had warned about security flaws in Windows [1, 2, 3]. Microsoft is trying to make up after the Microsoft-Spurned Researcher Collective had been created and "TippingPoint's ZDI sets a 6-month deadline on vendors to encourage faster patching," according to this report. There is more information about it here.
Microsoft's problems are not over and all Windows users continue to be vulnerable to attacks (even after Patch Tuesday) because:
1. Unpatched kernel-level vuln affects all Windows versions
Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.
2. Microsoft probes new Windows kernel bug
3. Unpatched Vulnerability in All Windows Versions Claimed
4. Kernel-level Vulnerabilities Hit All Windows Versions
Microsoft on Friday announced to have launched an investigation into kernel-level vulnerability hitting Windows. As per reports, all versions of the Microsoft OS have been engulfed by the bug, including the heavily fortified Windows 7.
We wrote about this in a previous post. Rather than security improving over time, Microsoft seems to be getting worse and the number of holes is increasing.
Comments
Andrew Macabe
2010-08-09 04:02:03
twitter
2010-08-09 14:28:33
Microsoft has benefitted from the insecurity of their software for as long as I can tell. The MSDOS 5.x install from 1993 flashes messages about new technology to keep data safe from crashes and users safe from viruses. Every time Microsoft wants to sell a new version of Windows, stories about "computer viruses" suddenly show up in the Microsoft-friendly press. After nearly a decade of useless, often malicious patch Tuesdays, most people are starting to understand that Windows will never be secured. Software that has owners does what the owners want, not the user.
Dr. Roy Schestowitz
2010-08-09 15:00:12