Bonum Certa Men Certa
Revealed: Microsoft is Trying to Corrupt the UK in Order to Eliminate Its OpenDocument Format-Oriented Standards Policy | Forget the FUD About Bash and OpenSSL, Microsoft Windows Blamed for Massive Credit Cards Heist

Windows 'Update' and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

Summary: The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)

Windows 'Update', which essentially translates into Microsoft manipulating binaries on people's machines without any changelog (at least not in source code form), is making the news again this month. Windows 'Update' is happening quite often (a monthly recurrence), but this time there is a lot to say about it.



The British NHS, which holds full medical records of very many individuals, recently received a lot of flack for sticking with an unsupported operating system that was released when I was a teenager instead of upgrading to recently-built Free software like GNU/Linux. Guess what happened to the NHS? "NHS XP patch scratch leaves patient records wide open to HACKERS" says the British press, meaning that not only the NSA gets access to NHS data:

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal.


Another story of a botched update of Windows says that "Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud":

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft's Windows Update mechanism.


That's what one gets when using weak ciphers that the NSA promotes and Microsoft willingly spreads. Windows Update is a dangerous tool for many reasons not just because it is bricking Linux devices these days but because it's a tool that gives the NSA a lot of power. Before an update kicks in the NSA is given information that allows it to take full control of PCs with Windows, remotely even (this is done every month). This may sound benign until one learns about Stuxnet (weaponised malware of the NSA) and considers this latest Patch Tuesday:

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming, experts say.

“Next week will tell us how many CVEs are involved but suffice to say, this patch load will be a big impact to the enterprise,” says Russ Ernst, the director of product management for Lumension.


CBS, being not just a proponent of espionage, mass surveillance, assassination and violent wars but also a proponent of back doors, had its site ZDNet downplay the above. "So far in calendar year 2014," it said, "Microsoft has fixed 215 vulnerabilities in Internet Explorer" (lots of potential NSA back doors). Then come some lame excuses and damage control from Microsoft in the update, trying to make its bad record look like a positive, neglecting that fact that Microsoft has been secretly patching holes to yield fake numbers and give a false sense of security. Here is the full summary:

So far in calendar year 2014, Microsoft has fixed 215 vulnerabilities in Internet Explorer, with more coming out today. There have been security updates to Internet Explorer every month this year except for January.


This other report, titled "Potentially catastrophic bug bites all versions of Windows. Patch now", does not entertain the possibility of back/bug doors in Microsoft Windows being exploited, despite that fact that Microsoft already told the NSA (prodifing exploit knowledge), which undoubtedly engages in illegal intrusions/cracking. A report from IDG notes that this bug is nearly two decades old and add that only "[w]ith help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades. "

"How many times might this flaw have been exploited by now?"So IBM, despite having no access to source code (as far as we can tell), was perhaps the only reason why Microsoft addressed this issue two decades late, eh? How many times might this flaw have been exploited by now? A reader of us, alluding to that nonsense .NET PR, explains: "Perhaps a big reason for the PR teams trumpeting the open-core or freemium model?"

It sure serves as a good distraction. When Windows XP support (patches) came to an end a Microsoft-connected firm immediately (on the very same day) started throwing brands and logos in relation to an OpenSSL bug, stealing the show and spreading FUD for many months, generalising it so as to appear like a serious, inherent issue in FOSS.

Watch this critical remote code execution flaw in Windows. It is extremely serious, but there is no logo or brand for it (unlike FOSS FUD like "Heartbleed" or "Shellshock" -- with a brand that was even perpetuated by the Russia-based Mandriva the other day).

Revealed: Microsoft is Trying to Corrupt the UK in Order to Eliminate Its OpenDocument Format-Oriented Standards Policy | Forget the FUD About Bash and OpenSSL, Microsoft Windows Blamed for Massive Credit Cards Heist

Recent Techrights' Posts

[Video] To Combat Efforts to Cancel or Kill the Career (and Reputation) of the People Who Made GNU/Linux We Must Rally the Community
nobody speaks better for projects and for licences than their own founders
Electronic Frontier Foundation Incorporated is Run by/for Corporations Now (Members' Money is Less Than a Quarter of the Money EFF Receives)
Facebook bribes
 
Links 10/12/2023: Inflation Woes, Tensions With China
Links for the day
IRC Proceedings: Saturday, December 09, 2023
IRC logs for Saturday, December 09, 2023
Links 09/12/2023: Dictator's Nomination in Russia
Links for the day
The EFF Should Know Better, But It Is Promoting Mass Surveillance by Facebook (an Endorsement of Lies)
What is going on at the EFF?
Feedback Desired
Feedback can be sent by E-mail
A Message in Support of Richard Stallman, Condemning Those Who Misportray Him
message about Richard Stallman (RMS)
Links 09/12/2023: Many 'Open'AI Employees Strongly Dislike Microsoft, Many Impending Strikes
Links for the day
IRC Proceedings: Friday, December 08, 2023
IRC logs for Friday, December 08, 2023
Over at Tux Machines...
GNU/Linux news
Open Source Initiative (OSI) is Microsoft, It Presents Microsoft-Controlled Projects Like They're Everything That Exists in the World
They're not assessing the real data, they keep track only of projects foolish enough to choose slavery under Microsoft
Links 08/12/2023: Cyber Resilience Act in EU and Denmark Embracing 'Blasphemy Law'
Links for the day
Linus Torvalds Cannot Easily 'Offend' Companies Anymore, But Weeks Ago He Explained Why (Linux Support and Hardware Documentation Has Significantly Improved)
new clip
Links 08/12/2023: Tidal and Simplilearn Layoffs
Links for the day
IRC Proceedings: Thursday, December 07, 2023
IRC logs for Thursday, December 07, 2023
[Video] The Media Facilitates Microsoft's Abuse, Bribes, and Growing Threats to National Security
The failure of the media to properly and independently explain what's happening will continue to doom the media
[Video] The Next Ten Years of Techrights in a World With Changing Threats and Technological Landscapes (or Trends That Are Buzzwords/Cargo Cults)
The video of today talks about the site's (and capsule's plan) for the future
Wikipedia is Vandalism, Brought to You by Microsoft and Bill Gates
Reprinted with permission from Ryan Farmer