What if Microsoft built their skyscrapers too?

Summary: Despite Microsoft's utter failures in security (examples given from this month), UAE turns to Microsoft to bolster security

THIS SEEMS LIKE another great example of black comedy. "Microsoft to strengthen cyber security in UAE," says this headline of an article which says that despite bad security record "Microsoft Inc. will work towards strengthening the security of information systems and networks in the United Arab Emirates (UAE)."

No sarcasm here.

Well, for those who know about Microsoft's relationship with UAE this would not be entirely shocking. But still, here we have a company that wilfully neglects to patch critical vulnerabilities until they are actively exploited (at which point it's too late to do something about it). Microsoft's nonchalance about security (and belated new patches) is a sign of its sheer arrogance. Here is Windows' very latest zero-day flaw:

Zero-day Windows bug problem worse than first thought, says expert

Today, Kolsek said that Acros has been digging into a new class of vulnerabilities for months. It has found more than 200 flawed applications harboring more than 500 separate bugs, he added, noting that the company had reported its findings to Microsoft more than four months ago.

This is an issue that we mentioned before and it's all over the news.

“Nobody knows the real number of flaws except Microsoft, which is often caught lying as long as it's more profitable than truth.”Microsoft is not being frank about its patches (it's shrouded in secrecy) and it admitted silent patching some months ago. It's the practice of fixing serious flaws without ever announcing it, even after these flaws get patched. Did this month bring Microsoft's biggest-ever patch? Well, not for sure. Nobody knows the real number of flaws except Microsoft, which is often caught lying as long as it's more profitable than truth.

There is a good deal of news right now (e.g. [1, 2]) about Microsoft trying to increase profit by providing "mission-critical" support. That does include "critical" flaws, right? Either way, the thing about mission-critical support is it's going to be needed and will be an alternative source of Microsoft revenue until customers find more reliable software stacks (Microsoft's VLSC is/was ironically still down, as we mentioned last week for the fourth time [1, 2, 3]). But it's another situation where Microsoft takes away business from so-called 'partners'. This was already done when Microsoft launched stores, hardware products like a phone, anti-virus software, and so and so forth. Microsoft pretends to support its broken products and offer security services for its insecure software. UAE, please pay attention to the facts. ⬆