02.11.15

Microsoft Back Door in Windows (All Versions) Intentionally Left Open For Over a Year, Existed for 15 Years

Posted in Microsoft, Security, Servers at 9:38 am by Dr. Roy Schestowitz

Summary: It has become more obvious that Windows back doors are there by design (or knowingly left there by intention) even after Snowden’s NSA leaks

THERE ARE SOME corporate media reports about Microsoft patches, but few realise the significance of it. Microsoft tells the NSA about unpatched holes in Windows and other Microsoft software, which is the equivalent of giving the NSA back door access.

As we noted some weeks ago, evidence shows that Microsoft doesn't care about security and it is evidently the same with Apple. They both sat on known flaws that were critical for longer than 3 months, refusing to patch them. Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).

“Both proprietary software companies, which together command the lion’s share of laptop and desktop operating systems, simply refused to close back doors and only decided to do something at the very belated end because the public finally knew about them (Google let is be known).”Dan Goodin, who typically spends his ‘journalism’ career bashing Free software over security, has finally decided to shift some focus and write about a massive Windows flaw. It’s a major one, no doubt; But no name, no “branding”…

In Goodin’s own words:

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.

The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.

The significant part is in the second paragraph above (“took Microsoft more than 12 months to fix”). We can interpret that as saying that the hole, which NSA used for over a year for back door access (because Mirosoft told the NSA about it), is finally being acknowledged to the public. Therein lies the ‘magic’ of proprietary software. Is the NSA now ‘done’ cracking all the world’s networks that have Windows in them? Is it now ‘safe’ to finally close this back door?

Microsoft Windows is an utter joke when it comes to security, as Microsoft’s own actions serve to show. Back doors surely look like the goal, not an error. Windows was recently used to crack Sony years after the NSA had cracked North Korea’s network. Those who knowingly used an operating system with back doors can’t blame anyone other than themselves and perhaps Microsoft/NSA. Misplaced blame these days typically names China, Russia, or North Korea.

Remember that Microsoft leaves security holes open/in fact anyway, no matter if versions of Windows are supported or not (upgrades are neither simple nor free). As Goodin’s former employer puts it:

What happens six months from now, on 14 July? That’s the date Microsoft issues its last security fix ever for Window Server 2003 – the end of extended support from the server operating system’s maker.

The article states that many servers will basically be left with permanent back doors. Many of them contain customers’ (or patients’) data.

As Robert Pogson put it, “Server 2003, which is due to go without support this summer won’t be fixed for a recent Patch Tuesday revelation of a vulnerability built-in by design a decade ago and impossible to fix without breaking everything…”

He concludes correctly: “Maybe it’s time people switched to GNU/Linux, an operating system not designed by salesmen. It’s not perfect but at least the bugs are fixable.”

Yes, even bugs with special names, logos, and “branding” — those that the corporate media loves to hype up. █

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

Watchtroll a Fake News Site in Lobbying Mode and Attack Mode Against Those Who Don't Agree (Even PTAB and Judges)

A look at some of the latest spin and the latest shaming courtesy of the patent microcosm, which behaves so poorly that one has to wonder if its objective is to alienate everyone
The Productivity Commission Warns Against Patent Maximalism, Which is Where China (SIPO) is Heading Along With EPO

In defiance of common sense and everything that public officials or academics keep saying (European, Australian, American), China's SIPO and Europe's EPO want us to believe that when it comes to patents it's "the more, the merrier"
Technical Failure of the European Patent Office (EPO) a Growing Cause for Concern

The problem associated with Battistelli's strategy of increasing so-called 'production' by granting in haste everything on the shelf is quickly being grasped by patent professionals (outside EPO), not just patent examiners (inside EPO)
Links 5/1/2017: Inkscape 0.92, GNU Sed 4.3

Links for the day
Links 4/1/2017: Cutelyst 1.2.0 and Lumina 1.2 Desktop Released

Links for the day
Financial Giants Will Attempt to Dominate or Control Bitcoin, Blockchain and Other Disruptive Free Software Using Software Patents

Free/Open Source software in the currency and trading world promised to emancipate us from the yoke of banking conglomerates, but a gold rush for software patents threatens to jeopardise any meaningful change or progress
New Article From Heise Explains Erosion of Patent Quality at the European Patent Office (EPO)

To nobody's surprise, the past half a decade saw accelerating demise in quality of European Patents (EPs) and it is the fault of Battistelli's notorious policies
Insensitivity at the EPO’s Management – Part V: Suspension of Salary and Unfair Trials

One of the lesser-publicised cases of EPO witch-hunting, wherein a member of staff is denied a salary "without any notification"
Links 3/1/2017: Microsoft Imposing TPM2 on Linux, ASUS Bringing Out Android Phones

Links for the day
Links 2/1/2017: Neptune 4.5.3 Release, Netrunner Desktop 17.01 Released

Links for the day
Teaser: Corruption Indictments Brought Against Vice-President of the European Patent Office (EPO)

New trouble for Željko Topić in Strasbourg, making it yet another EPO Vice-President who is on shaky grounds and paving the way to managerial collapse/avalanche at the EPO
365 Days Later, German Justice Minister Heiko Maas Remains Silent and Thus Complicit in EPO Abuses on German Soil

The utter lack of participation, involvement or even intervention by German authorities serve to confirm that the government of Germany is very much complicit in the EPO's abuses, by refusing to do anything to stop them
Battistelli's Idea of 'Independent' 'External' 'Social' 'Study' is Something to BUY From Notorious Firm PwC

The sham which is the so-called 'social' 'study' as explained by the Central Staff Committee last year, well before the results came out
Europe Should Listen to SMEs Regarding the UPC, as Battistelli, Team UPC and the Select Committee Lie About It

Another example of UPC promotion from within the EPO (a committee dedicated to UPC promotion), in spite of everything we know about opposition to the UPC from small businesses (not the imaginary ones which Team UPC claims to speak 'on behalf' of)
Video: French State Secretary for Digital Economy Speaks Out Against Benoît Battistelli at Battistelli's PR Event

Uploaded by SUEPO earlier today was the above video, which shows how last year's party (actually 2015) was spoiled for Battistelli by the French State Secretary for Digital Economy, Axelle Lemaire, echoing the French government's concern about union busting etc. at the EPO (only to be rudely censored by Battistelli's 'media partner')
When EPO Vice-President, Who Will Resign Soon, Made a Mockery of the EPO

Leaked letter from Willy Minnoye/management to the people who are supposed to oversee EPO management
No Separation of Powers or Justice at the EPO: Reign of Terror by Battistelli Explained in Letter to the Administrative Council

In violation of international labour laws, Team Battistelli marches on and engages in a union-busting race against the clock, relying on immunity to keep this gravy train rolling before an inevitable crash
FFPE-EPO is a Zombie (if Not Dead) Yellow Union Whose Only de Facto Purpose Has Been Attacking the EPO's Staff Union

A new year's reminder that the EPO has only one legitimate union, the Staff Union of the EPO (SUEPO), whereas FFPE-EPO serves virtually no purpose other than to attack SUEPO, more so after signing a deal with the devil (Battistelli)
EPO Select Committee is Wrong About the Unitary Patent (UPC)

The UPC is neither desirable nor practical, especially now that the EPO lowers patent quality; but does the Select Committee understand that?
Links 1/1/2017: KDE Plasma 5.9 Coming, PelicanHPC 4.1

Links for the day
2016: The Year EPO Staff Went on Strike, Possibly “Biggest Ever Strike in the History of the EPO.”

A look back at a key event inside the EPO, which marked somewhat of a breaking point for Team Battistelli
Open EPO Letter Bemoans Battistelli's Antisocial Autocracy Disguised/Camouflaged Under the Misleading Term “Social Democracy”

Orwellian misuse of terms by the EPO, which keeps using the term "social democracy" whilst actually pushing further and further towards a totalitarian regime led by 'King' Battistelli
EPO's Central Staff Committee Complains About Battistelli's Bodyguards Fetish and Corruption of the Media

Even the EPO's Central Staff Committee (not SUEPO) understands that Battistelli brings waste and disgrace to the Office
Translation of French Texts About Battistelli and His Awful Perception of Omnipotence

The paradigm of totalitarian control, inability to admit mistakes and tendency to lie all the time is backfiring on the EPO rather than making it stronger
2016 in Review and Plans for 2017

A look back and a quick look at the road ahead, as 2016 comes to an end
Links 31/12/2016: Firefox 52 Improves Privacy, Tizen Comes to Middle East

Links for the day
Korea's Challenge of Abusive Patents, China's Race to the Bottom, and the United States' Gradual Improvement

An outline of recent stories about patents, where patent quality is key, reflecting upon the population's interests rather than the interests of few very powerful corporations
German Justice Minister Heiko Maas, Who Flagrantly Ignores Serious EPO Abuses, Helps Battistelli's Agenda ('Reform') With the UPC

The role played by Heiko Maas in the UPC, which would harm businesses and people all across Europe, is becoming clearer and hence his motivation/desire to keep Team Battistelli in tact, in spite of endless abuses on German soil
Links 30/12/2016: KDE for FreeBSD, Automotive Grade Linux UCB 3.0

Links for the day
Software Patents Continue to Collapse, But IBM, Watchtroll and David Kappos Continue to Deny and Antagonise It

The latest facts and figures about software patents, compared to the spinmeisters' creed which they profit from (because they are in the litigation business)