EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.29.14

The Latest Bug Door in Windows ‘Patched’, But the Patch Breaks Systems

Posted in Microsoft, Security, Windows at 9:10 am by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

AND THEN WE TOLD CHINA THEY CAN SEE WINDOWS CODE WHILE INVITING THE NSA TO THE FINAL BUILD PROCESS

Summary: Errors in Windows that facilitate remote access and privilege escalation (affecting every version of Windows) continue to surface and those who fix these errors risk bricking their systems/services

Having just made (generated rather, using an online tool) the above meme to make an important point (pardon the “Windows” typo), we wish to bring together some recent news about Microsoft Windows, probably the least secure operating system in the world (by design). The NSA is involved in finalising Windows development and knowing what many people finally know about the NSA, it oughtn’t be shocking that Windows uses weakened/flawed encryption, enables remote access, etc.

Earlier this month there was a lot of press coverage about a massive flaw and an “emergency” patch for Windows. The NSA, for a fact (based on Snowden’s leaks), already knew about this. It knew about before it was patched, as Microsoft tells the NSA about every flaw before patches are applied and flaws become common knowledge.

Stephen Withers, a booster of Microsoft from Australia, said that a “very old but only just fixed Windows vulnerability is the key to a new in-the-wild attack.

“Security vendor ESET says it has detected a real-life exploit for a vulnerability that’s been part of Windows for nearly two decades.”

So it’s not just exploitable by the NSA anymore.

Over at IDG, this flaw was said to have a botched ‘solution’. As the author put it: “Last Tuesday’s MS14-066 causes some servers to inexplicably hang, AWS or IIS to break, and Microsoft Access to roll over and play dead”

So patch or don’t patch, you are in a serious problem either way. Welcome to the “professional” and “enterprise-ready” world of Microsoft.

As Microsoft boosters put it, “Microsoft has announced that they will be pushing an out-of-band security patch today. The patch, which affects nearly all of the company’s major platforms, is rated ‘critical’ and it is recommended that you install the patch immediately.”

To brick one’s system?

Here is what British press wrote about it:

MICROSOFT HAS ISSUED an emergency patch for the Kerberos Bug that could allow an attacker to perform privilege escalation in several versions of Windows.

In what will be the firm’s third emergency patch in the past three months, the fix arrives just a week after the monthly Patch Tuesday release.

In other curious news from the same source, British taxpayers’ money has just been wasted cleaning up the mess of Microsoft Windows with its baked-in back doors. Windows is being hijacked en masse, but the corporate media refers to it as “PC”, not Windows. This is a crucial omission. The insecurity of Windows is not always accidental. It was designed to be easy to access (only by the “Good Guys”, of course!). “THE UK NATIONAL CRIME AGENCY (NCA) has arrested five people,” said the British press, “as part of a crackdown on hackers who hijack computers using Remote Access Trojans (RATs).” It’s a shame that they don’t point out that it’s a Windows-only problem. It doesn’t even take much in terms of skill to hijack Windows, as many hackers and crackers can attest to. To quote this report: “The NCA said on Friday that it has arrested two 33-year-old men and a 30-year-old woman from Leeds, along with a 20 year-old man from Chatham in Kent and a 40-year-old from Darlington in Yorkshire.”

This 20 year-old cracker is about as old as the latest bug door from Microsoft. With 19-year-old flaws in Windows (“critical” too) it oughtn’t be hard to hijack Windows-running PCs by the millions and even by the billions. As this article put it, the flaw is very severe and “Microsoft’s out-of-band update yesterday fixes a profoundly serious bug: Any user logged into the domain can elevate their own privilege to any other, up to and including Domain Administrator.”

Robert Pogson wrote that Microsoft “told the world they were naked and now system administrators are scurrying around to make sure every system running InActive Directory has a patch.”

As usual, no logos and brand names for this bug, not even the huge media hype that we saw when GNU Bash and OpenSSL had a bug in them. Perhaps the media learned to accept that Windows is Swiss cheese, or more likely it is unconsciously complicit in Microsoft’s PR.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. luvr said,

    November 29, 2014 at 11:34 am

    Gravatar

    Pity that I’m awfully lousy as an artist, or I would design a “Broken Windows” logo (as a variant of the well-known Windows logo), with the text “ADShock” added in.

What Else is New

  1. Links 9/1/2017: Civilization VI Coming to GNU/Linux, digiKam 5.4.0 Released

    Links for the day

  2. Links 9/1/2017: Dell’s Latest XPS 13, GPD Pocket With GNU/Linux

    Links for the day

  3. Update on Patent Trolls and Their Enablers: IAM, Fortress, Inventergy, Nokia, MOSAID/Conversant, Microsoft, Intellectual Ventures, Faraday Future, A*STAR, GPNE, AlphaCap Ventures, and TC Heartland

    A potpourri of reports about some of the world’s worst patent trolls and their highly damaging enablers/facilitators, including Microsoft which claims that it “loves Linux” whilst attacking it with patents by proxy

  4. Mark Summerfield: “US Supreme Court Decision in Alice Looks to Have Eliminated About 75% of New Business Method Patents.”

    Some of the patent microcosm, or those who profit from the bureaucracy associated with patents, responds to claims made by Techrights (that software patents are a dying breed in the US)

  5. Eight Wireless Patents Have Just Been Invalidated Under Section 101 (Alice), But Don't Expect the Patent Microcosm to Cover This News

    Firms that are profiting from patents (without actually producing or inventing anything) want us to obsess over and think about the rare and few cases (some very old) where judges deny Alice and honour patents on software

  6. 2017: Latest Year That the Unitary Patent (UPC) is Still Stuck in a Limbo

    The issues associated with the UPC, especially in light of ongoing negotiations of Britain's exit from the EU, remain too big a barrier to any implementation this year (and probably future years too)

  7. Links 7/1/2017: Linux 4.9.1, Wine 2.0 RC4

    Links for the day

  8. India Keeps Rejecting Software Patents in Spite of Pressure From Large Foreign Multinationals

    India's resilience in the face of incredible pressure to allow software patents is essential for the success of India's growing software industry and more effort is needed to thwart corporate colonisation through patents in India itself

  9. Links 6/1/2017: Irssi 1.0.0, KaOS 2017.01 Released

    Links for the day

  10. Watchtroll a Fake News Site in Lobbying Mode and Attack Mode Against Those Who Don't Agree (Even PTAB and Judges)

    A look at some of the latest spin and the latest shaming courtesy of the patent microcosm, which behaves so poorly that one has to wonder if its objective is to alienate everyone

  11. The Productivity Commission Warns Against Patent Maximalism, Which is Where China (SIPO) is Heading Along With EPO

    In defiance of common sense and everything that public officials or academics keep saying (European, Australian, American), China's SIPO and Europe's EPO want us to believe that when it comes to patents it's "the more, the merrier"

  12. Technical Failure of the European Patent Office (EPO) a Growing Cause for Concern

    The problem associated with Battistelli's strategy of increasing so-called 'production' by granting in haste everything on the shelf is quickly being grasped by patent professionals (outside EPO), not just patent examiners (inside EPO)

  13. Links 5/1/2017: Inkscape 0.92, GNU Sed 4.3

    Links for the day

  14. Links 4/1/2017: Cutelyst 1.2.0 and Lumina 1.2 Desktop Released

    Links for the day

  15. Financial Giants Will Attempt to Dominate or Control Bitcoin, Blockchain and Other Disruptive Free Software Using Software Patents

    Free/Open Source software in the currency and trading world promised to emancipate us from the yoke of banking conglomerates, but a gold rush for software patents threatens to jeopardise any meaningful change or progress

  16. New Article From Heise Explains Erosion of Patent Quality at the European Patent Office (EPO)

    To nobody's surprise, the past half a decade saw accelerating demise in quality of European Patents (EPs) and it is the fault of Battistelli's notorious policies

  17. Insensitivity at the EPO’s Management – Part V: Suspension of Salary and Unfair Trials

    One of the lesser-publicised cases of EPO witch-hunting, wherein a member of staff is denied a salary "without any notification"

  18. Links 3/1/2017: Microsoft Imposing TPM2 on Linux, ASUS Bringing Out Android Phones

    Links for the day

  19. Links 2/1/2017: Neptune 4.5.3 Release, Netrunner Desktop 17.01 Released

    Links for the day

  20. Teaser: Corruption Indictments Brought Against Vice-President of the European Patent Office (EPO)

    New trouble for Željko Topić in Strasbourg, making it yet another EPO Vice-President who is on shaky grounds and paving the way to managerial collapse/avalanche at the EPO

  21. 365 Days Later, German Justice Minister Heiko Maas Remains Silent and Thus Complicit in EPO Abuses on German Soil

    The utter lack of participation, involvement or even intervention by German authorities serve to confirm that the government of Germany is very much complicit in the EPO's abuses, by refusing to do anything to stop them

  22. Battistelli's Idea of 'Independent' 'External' 'Social' 'Study' is Something to BUY From Notorious Firm PwC

    The sham which is the so-called 'social' 'study' as explained by the Central Staff Committee last year, well before the results came out

  23. Europe Should Listen to SMEs Regarding the UPC, as Battistelli, Team UPC and the Select Committee Lie About It

    Another example of UPC promotion from within the EPO (a committee dedicated to UPC promotion), in spite of everything we know about opposition to the UPC from small businesses (not the imaginary ones which Team UPC claims to speak 'on behalf' of)

  24. Video: French State Secretary for Digital Economy Speaks Out Against Benoît Battistelli at Battistelli's PR Event

    Uploaded by SUEPO earlier today was the above video, which shows how last year's party (actually 2015) was spoiled for Battistelli by the French State Secretary for Digital Economy, Axelle Lemaire, echoing the French government's concern about union busting etc. at the EPO (only to be rudely censored by Battistelli's 'media partner')

  25. When EPO Vice-President, Who Will Resign Soon, Made a Mockery of the EPO

    Leaked letter from Willy Minnoye/management to the people who are supposed to oversee EPO management

  26. No Separation of Powers or Justice at the EPO: Reign of Terror by Battistelli Explained in Letter to the Administrative Council

    In violation of international labour laws, Team Battistelli marches on and engages in a union-busting race against the clock, relying on immunity to keep this gravy train rolling before an inevitable crash

  27. FFPE-EPO is a Zombie (if Not Dead) Yellow Union Whose Only de Facto Purpose Has Been Attacking the EPO's Staff Union

    A new year's reminder that the EPO has only one legitimate union, the Staff Union of the EPO (SUEPO), whereas FFPE-EPO serves virtually no purpose other than to attack SUEPO, more so after signing a deal with the devil (Battistelli)

  28. EPO Select Committee is Wrong About the Unitary Patent (UPC)

    The UPC is neither desirable nor practical, especially now that the EPO lowers patent quality; but does the Select Committee understand that?

  29. Links 1/1/2017: KDE Plasma 5.9 Coming, PelicanHPC 4.1

    Links for the day

  30. 2016: The Year EPO Staff Went on Strike, Possibly “Biggest Ever Strike in the History of the EPO.”

    A look back at a key event inside the EPO, which marked somewhat of a breaking point for Team Battistelli

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts