11.13.09


If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Posted in Law, Microsoft, Security, Vista 7, Windows at 1:19 pm by Dr. Roy Schestowitz

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Summary: Microsoft’s inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft publicly addresses flaws it is aware of only (or usually) when attacks begin. Otherwise, Microsoft lies about security. It tells shareholders what they want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued, as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (there are more examples appended at the bottom of this post) is valuable for showing how Microsoft ignores security problems and handles them improperly until it’s too late. SJVN argues:

I do wonder sometimes about Microsoft’s quality assurance. No, I tell a lie. I always wonder about Microsoft’s quality assurance. As in, “How can they keep making mistakes like this?” In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts it so well in the exploit’s code: “‘Most Secure Os Ever’ –> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL”

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just “embarrassingly bad”; it is very bad in practice, because exploit code is already out there while Microsoft is still “investigating”.

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes, which the invisibility of proprietary software enables), probably in order to boast about numbers, i.e. an illusion of safety. How long has Microsoft known about this, and why is there no patch yet?

On Vista 7 insecurity:
