Bonum Certa Men Certa

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Oppression and proprietary software are a pair

Guard with machine gun



Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one's Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:



"A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."


From the original source rather than Slashdot's summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to "system," and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.


According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, "You could shut down power stations, you could shut down the transport network across the United Kingdom".


We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called 'rogue' nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It's So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran's Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild


A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

"ANOTHER Windows only story from the #BBC not mentioning Windows," wrote Gordon, "they send people to jail for not paying for this s**t," he added" (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.


This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about "virus alert system" (not mentioning Windows of course) and Gordon says one "gotta love the ISPs who spy on their customers connections #TalkTalk... this excuse is "malware protection" [still Windows of course]":

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.


More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner's Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.


The problem here is proprietary software and also this illusion of needing government help (with Phorm that's harboured by it) to simply navigate through some Web pages.

Recent Techrights' Posts

Linux Foundation is a Mediator for Microsoft et al, Not for Small Companies That Support Rather Than Attack the GPL
Many people still wrongly assume that because it is called "Linux Foundation", then it is pro-Linux and represents the same mindset
This Past Friday, Confirming What We Said All Along About Brett Wilson LLP: It's Shrinking, Has Considerable Debt, Loss of Net Assets Despite the Microsoft SLAPP Money
The documents only became publicly available less than 2 days ago
There Was Always Too Much 'Crazy Stuff' Going on Around Freenode
What many IRC users lost sight of
Exposing Crime is Not a Crime (It Never Was)
In the eyes of rich and powerful people, those who speak about their crimes are the "criminals"
 
Links 08/06/2025: Exposure of More GAFAM Surveillance and Social Security Records Compromised
Links for the day
Some of the Many Reasons We Sued Microsofters for Harassment
perpetrators of harassment
For 20 Years Many People Were Sharecropping for Canonical's Oligarch, Now He's Deleting All Their Contributions
"Ubuntu has erased instead of archiving the trove of material at Ubuntu Forums"
GNU/Linux Distros Abandoning Microsoft GitHub
Will curl be next to leave Microsoft GitHub?
Expect More XBox Mass Layoffs Soon If the Rumours Are True
From a Microsoft media operative
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 07, 2025
IRC logs for Saturday, June 07, 2025
Europe Needs to Move Away From GAFAM; The Sooner, the Better
Europe - not just the EU - must abandon GAFAM as soon as possible
The Issue Isn't GNOME's Promotion of Diversity But GNOME Corruption, Abuse, Censorship, and Worse
So-called "Conservative" (republican, pro-Trump, bigoted) people want you to think the problem with GNOME is politics
When the News Sources Become Scarce and Increasingly Full of Polluted/Contaminated 'Content' (With LLM Slop and Slop Images)
Integrity matters
"Linux" Sites That Spew Out LLM Slop
We're lacking enough material for another "Slopwatch"
Abuse Inside the Polish Patent Office (UPRP) - Part V: Breaking the Law, Just Like EPO
We'll hopefully cover some of the pertinent details later this year
Links 08/06/2025: Security Lapses, CISA Cuts, and More
Links for the day
Gemini Links 07/06/2025: Mime Types and Geminisphere Introduction
Links for the day
Links 07/06/2025: Slop Companies Retain All Private Data, More Books Banned in the US
Links for the day
Gemini Links 07/06/2025: "A Monk's Guide to Happiness" and "Wireless Earbuds"
Links for the day
Links 07/06/2025: More Rumours of Mass Layoffs in Microsoft's XBox Division, New COVID Variant
Links for the day
Drug Addiction is a Real Problem, It Destroys Families
a rather sensitive matter
Abuse Inside the Polish Patent Office (UPRP) - Part IV: Political Scrutiny and Errors/Inconsistencies in Official Documents
When such organisations receive scrutiny they start focusing on cover-up and muzzling of facts (or crushing people who say the truth)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 06, 2025
IRC logs for Friday, June 06, 2025
Slopwatch: LinuxTechLab, Planet Ubuntu, Anti-Linux FUD, and Microsoft SPAM
It's not easy to altogether avoid take articles these days
Gemini Links 06/06/2025: "MBA Tear" and Slop ('AI') as Plagiarism
Links for the day
Links 06/06/2025: "Convicted Felon and MElon Trade Insults" and Europe Snubbed by US Again
Links for the day
Links 06/06/2025: Microsoft XBox Bracing For More Mass Layoffs, Climate Disaster, Fake 'Money' Tokens From US President
Links for the day
Gemini Links 06/06/2025: Vanishing Cultures and MElon Implosion
Links for the day
Extortion is a Crime, Even If You're Based in Another Continent and Work for Microsoft
reported to British authorities
We're in 6/6 Now, Almost Halfway in 2025
2025 was probably the best year for us
South Americans Are Saying Goodbye to Microsoft
We're hardly even "Cherry-Picking" or conveniently singling out one South American nation
Abuse Inside the Polish Patent Office (UPRP) - Part III: Data Protection Failures, Just Like at the European Patent Office (EPO)
Just less than a decade ago we showed that the EPO had illegally shared staff data with third parties
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 05, 2025
IRC logs for Thursday, June 05, 2025