05.31.10


Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Posted in Deception, GNU/Linux, Microsoft, Red Hat, Security, Servers, Windows at 6:14 am by Dr. Roy Schestowitz


Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT’S official: Microsoft is a liar, again. There is now an admission from Microsoft itself, confirming an issue we first raised some weeks ago. Whenever Microsoft says it patched x flaws with y patches or bulletins, it ought to be assumed that the number is not the real one. Microsoft’s silent patching is a subject we have covered for years, and it helps explain why one in two Windows PCs is believed to be a zombie PC despite Microsoft’s claims that all of its flaws are being addressed. All those comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates flaw counts for the other side) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks); now it gives up and tells the truth.

Microsoft Official Admits to Quiet Security Patching

Microsoft doesn’t report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

“We don’t document every issue found,” Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company’s corporate headquarters in Redmond, Washington.

Microsoft will issue a single Common Vulnerabilities and Exposures (CVE) number to flaws that share the same severity, the same attack vector and the same workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.
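The counting policy Reavey describes is easy to model, and doing so shows why a bulletin’s headline number says little about how many distinct fixes shipped. The script below is an added example, not code from the article or from Microsoft; the fix records in it are constructed for illustration and the grouping key (severity, attack vector, workaround) is taken from the quoted policy as stated, which is the only thing the page supports.

```python
"""Model of a 'one CVE per (severity, vector, workaround)' reporting policy.

Added example, not from the article. The FIXES list is constructed sample
data; the grouping rule is the one attributed to Microsoft's MSRC above.
"""
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Fix:
    fix_id: str        # internal identifier for one code-level fix (hypothetical)
    severity: str      # e.g. "Critical", "Important"
    vector: str        # how the flaw is reached
    workaround: str    # mitigation a customer could apply before patching

# Constructed sample: six distinct fixes shipped in one bulletin.
FIXES: List[Fix] = [
    Fix("fix-1", "Critical", "malformed document parsing", "do not open untrusted files"),
    Fix("fix-2", "Critical", "malformed document parsing", "do not open untrusted files"),
    Fix("fix-3", "Critical", "malformed document parsing", "do not open untrusted files"),
    Fix("fix-4", "Important", "malformed document parsing", "do not open untrusted files"),
    Fix("fix-5", "Critical", "unauthenticated network request", "block the port at the firewall"),
    Fix("fix-6", "Critical", "unauthenticated network request", "block the port at the firewall"),
]

CveKey = Tuple[str, str, str]

def group_by_cve_key(fixes: List[Fix]) -> Dict[CveKey, List[str]]:
    """Collapse fixes that share severity, vector and workaround into one group.

    Each group corresponds to one CVE under the stated policy; insertion
    order is kept so the first fix in a group is the one that gets 'named'.
    """
    groups: "OrderedDict[CveKey, List[str]]" = OrderedDict()
    for f in fixes:
        key = (f.severity, f.vector, f.workaround)
        groups.setdefault(key, []).append(f.fix_id)
    return dict(groups)

def count_reported_cves(fixes: List[Fix]) -> int:
    """Number of CVEs the vendor would publish for these fixes."""
    return len(group_by_cve_key(fixes))

def silent_fix_ids(fixes: List[Fix]) -> List[str]:
    """Fixes that ship but never get their own CVE (everything after the
    first member of each group). These are the 'silent' fixes."""
    silent: List[str] = []
    for ids in group_by_cve_key(fixes).values():
        silent.extend(ids[1:])
    return silent

def headline_count(fixes: List[Fix], aggregate: bool) -> int:
    """What a press release would say: per-CVE if the vendor aggregates,
    per-fix if it reports every fix separately. Comparing an aggregating
    vendor's number against a non-aggregating vendor's is meaningless."""
    return count_reported_cves(fixes) if aggregate else len(fixes)

if __name__ == "__main__":
    print("distinct fixes shipped :", len(FIXES))
    print("CVEs published         :", count_reported_cves(FIXES))
    print("silent fixes           :", silent_fix_ids(FIXES))
    print("headline (aggregating) :", headline_count(FIXES, aggregate=True))
    print("headline (per fix)     :", headline_count(FIXES, aggregate=False))
```

Run it and the same six fixes yield a headline count of three when aggregated and six when not; the three fixes that disappear from the count are exactly the kind Core Security found by diffing the binaries. The practical check is therefore to compare vendors on fixes you can observe in the shipped code, not on the CVE totals each vendor chooses to publish.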

Finally. Thanks for the honesty. So how much damage has been caused by Microsoft’s lies so far? Microsoft has been denying this for years, though not exactly denying it, either; it was spinning and avoiding the actual question. It’s the art of lying without quite lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe does not have a long history of systematic lying, unlike Microsoft.

“Microsoft smacks patch-blocking rootkit second time,” says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin’s claims, but hinted that Microsoft wouldn’t be patching IE anytime soon. “I wouldn’t classify this as a ‘vulnerability’ though,” Bryant said in an e-mail answer to questions.

The followup says:

Will browser makers patch this? Unlikely. Microsoft’s Jerry Bryant, a general manager at the company’s security response center, said the issue isn’t a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that’s the way browsers work.

“Working with [Raskin's] proof-of-concept, as written, is expected,” he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.

Let’s remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what is happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city’s website twice in the past week.

If Microsoft is being called in, then it is almost certainly a Windows server.


A Single Comment

  1. twitter said,

    June 1, 2010 at 5:52 pm


    Microsoft was cornered in two ways. First, people noticed a “silent patch”. The more fundamental bust, however, is that no one with a clue ever believed the “get the facts” propaganda. Only someone with a financial interest will tell you that Windows and GNU/Linux security are equivalent. Only someone without free software experience will believe them.

    Microsoft will go on telling the same lies. “Get the Facts” was not some kind of subtle spin. It was a direct lie, constructed of fabricated evidence, relentlessly pushed anywhere and everywhere people with computer purchasing power and developers had a discussion. Each point of the lie was refuted almost as many times. Someone might get fired for getting caught and Microsoft will keep telling the world that Windows is the most secure software ever.
