Nothing New Under the Microsoft

Dr. Roy Schestowitz

2008-12-11 11:28:36 UTC
Modified: 2008-12-11 11:28:36 UTC

Cracker

Microsoft's handling of security is a cyclic routine that goes like this:

Many flaws get reported, accumulated, and then mostly ignored
Attacks on the unpatched flaws begin, so Microsoft 'kindly' bothers to work on patches in a rush
Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
Patches arrive too late, after many servers and desktop have already been hijacked
A number of zero-day flaws emerge, some of which exploiting vulnerabilities Microsoft has been aware of for a long time
Patches turn out to be dysfunctional and consequently many computers are left out of services
Microsoft reworks the patches and then delivers a patch to the broken patches
Repeat (1)

This month was no exception. Microsoft delivered half a dozen "critical" patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers. ⬆

____ [1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.

[2] Two new zero-day exploits dent Microsoft's Patch Tuesday

Microsoft's Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.

[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company's Internet Explorer (IE) browser.

[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.

[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.

Comments

pcolon

2008-12-11 11:47:33

MS can spin this to increase their server footprint without having to embrace Apache by claiming "MS has the real "A-Patchy" servers .
Richard Mclaughlin

2008-12-11 22:41:13

actually, it's more like this. Patches are released. smart people and IT departments install them. average joe blow doesn't. Hacker looks at the hole the patch fixed and attacks the hole. systems go down because people didn't upgrade when the patch came out.

Having run call centers for 15+ years, I know this to be a fact.
Roy Schestowitz

2008-12-11 22:53:48

How many of those "smart people" actually get 'burned' for installing bad patches? Quality counts too.

The lateness of some patches is another issue that is raised above. As the new references show, Windows is already vulnerable again and no patches will have arrived until next month.

Amended Input From Software Freedom Institute for EU Consultation on Free Software: "On 3 February 2026 Software Freedom Institute lodged a submission with the European Commission's inquiry into Open Digital Ecosystems"
Nadella's Mindless PR Spam Ahead of the Layoffs 'Snowball' (Adding Up Batches) Turning Into an Avalanche: Based on recent observations, the more puff pieces we see about Nadella, the closer we get to Microsoft "pulling the trigger" on mass layoffs
When Happens to Red Hat If (or When) IBM Collapses: IBM is in flux because its CFO is now implicated in what seems like accounting fraud
With an IBM Company Down Over 75% After Apparent Accounting Fraud the IBM Insiders Want Answers From James Krabanaugh: He has no technical qualifications
A "horrible week (hebdomada horribilis?) for the Solicitors Regulation Authority" (SRA): The SRA is part of the SLAPP problem
EPO's Central Staff Committee (CSC) on EPO Social Dialogue: They've refrained from mentioning the industrial actions
The Register MS is Promoting Ponzi Scheme for Financial Fraud/Accounting Fraud Company, The Register MS Gets Paid to Do This: Published 6 hours ago
IBM's Kyndryl Managed to Fall to Less Than a Quarter of Its Past Year's High: Imagine IBM falling to $75
Links 10/02/2026: Media Freedom Feels Dead in Hong Kong and Grammys, Superbowl Becoming Politics: Links for the day
With Firefox Measured at 2% in the United Kingdom Time is Running Out for Web Site Support for Gecko/Servo Users: The open Web is rapidly dying while Mozilla celebrates and champions slop
Lawsuit reactions: EFF behaviour reveals zombification, censorship: Reprinted with permission from Daniel Pocock
Links 11/02/2026: $700 Billion Slop Bill, Social Control Media Under Political Fire for Deliberate Health Harms: Links for the day
Mobbing at the European Patent Office (EPO) - Part VI - Attacks on Staff and Attacks on the Law Merit Another New Series: new series coming shortly
IBM's Financial Engineering (Accounting Fraud) Shell, Kyndryl Holdings Inc, is Insolvent: If this was done by the very same people who still run IBM, can we expect any better from "Sugar Daddy" IBM?
2026 a Very Productive Year and We Have Many Big Stories to Tell: maybe we'll produce 8,000 new articles/pages by year's end
Clownflare is in Trouble as Its Debt More Than Doubled in Less Than a Year, Expect Further Enshittification: Clownflare isn't free
After the Next Wave of Microsoft Layoffs Washington State Could be #1 for US Layoffs: Microsoft Corp shares were down yesterday
EPO's Local Staff Committee The Hague (LSCTH): The EPO is Generally “Managed by Excel” (Microsoft): The current management has basically defined corruption to be "success"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 10, 2026: IRC logs for Tuesday, February 10, 2026
Google Still Helping the Slop Pyramid Scheme, Encouraging Plagiarism Too: Google is a plagiarism company and it wants public solidarity for plagiarism by LLMs
Gemini Links 10/02/2026: "The Luminous Dead", Matrix, and Containers: Links for the day
Kyndryl CFO Harsh Chugh Comes From IBM (17+ Years): Who would want such a position?
IBM RAs (or PIPs) in London, England?: They try to keep the lid on it
International Buybacks Machines: Will the current US administration/regime look into IBM's accounting or only its mini me's?
IBM Could be the Next Kyndryl, a Dinosaur With Accounting Fraud: Many shareholders (or even pension funds) are taking a big hit today
Ian Murdock Died in San Francisco 10 Years Ago. Cops Led to His Death.: 10 years ago Ian Murdock died after cops had messed him up
US/Europe divergence: health & safety, criminality & Debian harassment culture: Open Digital Ecosystems submission F33370170: Reprinted with permission from Daniel Pocock
Links 10/02/2026: Splinternets and "Meta Goes to Trial in a New Mexico Child Safety Case": Links for the day
Russia and China Best Off Without GAFAM: What if they abandoned GAFAM?
Will Finns Put Out the Online Cigarettes?: More people recognise that the child porn site formerly known as "Twitter" and Cheeto/Pooh-tin controlled TikTok are no longer trustworthy
As the US Economy Sags Microsoft Layoffs Carry on (Now in Larger Waves Like 15,000 Per Season or 30,000+ Per Year): They try to avoid "negative" topics
GNU/Linux at 3.99% in Australia: now that Australians can no longer keep Vista 10
Microsoft Windows Falling: analytics.usa.gov Shows Rapid Erosion of Windows Market Share Since 'End of 10' (Vista 10)
Microsoft Windows Hits All-Time Low in The Netherlands in 2026: Europe needs to rid itself or wean itself off GAFAM
SRA: SLAPPs From Russian War Criminals and American Men Who Strangle Women Are Acceptable: The SRA, by inaction, is complicit in this
The Solicitors Regulation Authority (SRA) Delusion - Part IV - Machos in Charge of the House (and System), Even If the Faces Are Female (Optics): basically a Windows/Microsoft (US) shop
From Weber Shandwick (Microsoft PR) to Brett Wilson LLP (Hired Gun of the Serial Strangler of Microsoft): they basically tried to charge me a lot of money for a PR project of someone who strangled women
The Solicitors Regulation Authority (SRA) is Not a Regulator, It's Part of the Litigation "Industry" in the UK (They Overlap Each Other): Does nothing except talk about SLAPPs
Brett Wilson LLP Seems to Have Done for Roberto Foa What It Did a Year Earlier for the Serial Strangler from Microsoft: Repeat abusers (of the legal system) will misuse it as long as regulators do nothing
In Finland, Microsoft Falls Behind Yandex (Russia): Bing has had many layoffs in recent years
Security More Advanced in Geminispace Than on the Web (Bloat): For real security, use Geminispace capsules, not Web sites
Slop at Microsoft is a Miserable Failure, Now Microsoft Takes the "Vista Route" (Paying People to Say Good Things About It): This is brainwash, it's meant to delay the implosion of the bubble
Rumours About February 2026 Microsoft Layoffs: Silent Layoffs or 30,000 Culled Tomorrow: Sooner or later (and soon) Microsoft will need to say something and file some WARN notifications
GNU/Linux at 12% in Guam, Based on statCounter (Compared to 2-3% a Year Ago): Guam's "uptick" in GNU/Linux usage started weeks after "end of 10"
Where We Stand With the Winter Series: We'll need to protect names and sources
Fighting Slop With the Public Domain (and Why Slopfarms Perish Faster Than New Ones Appear): We can combat the nonsense by producing more human-made works until the slop bubble implodes
After Employee Reviews at IBM Staff Expects Another Large Wave of PIPs and "RAs" (Layoffs): From what we can see in the "public Web"
Gemini Links 10/02/2026: "The Last Messiah", Discord for Adults: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 09, 2026: IRC logs for Monday, February 09, 2026
Is Europe Abandoning Digital Opium?: GAFAM-controlled social control media
Mobbing at the European Patent Office (EPO) - Part V - Strongest Strike Under António Campinos: SUEPO Munich is also reminding people of the threat of PIPs
Microslop is Slop, Slop is Considered "Quality": no wonder Microsoft's stuff breaks down so often
thelayoff.com Deletes On-Topic Discussions (Layoffs) While Leaving in Tact Pro-Corporate Trolling Made by LLMs (Slop): Who at thelayoff.com deems spam made by LLMs (slop) to be on-topic and unworthy of zapping, whereas actually on-topic and authentic threads get routinely deleted?
Gemini Links 09/02/2026: Great Salt Lake Ecological Observatory and Offpunk 3.0 "A Community is Born" Release: Links for the day
Links 09/02/2026: Mass Plagiarism and Pollution/FakeCoin Company Nvidia Contacted Anna’s Archives, Narges Mohammadi Gets Second Prison Sentence: Links for the day
GNU/Linux May Have Grown to 7% in Equatorial Guinea: Has there been some kind of mass migration there or is this just noise in the data?
Links 09/02/2026: Russia Intentionally Killing Civilians, Jimmy Lai Effectively Sentenced for Life for Publishing News: Links for the day
Microsoft Competitions, Addictions, and Popularity Contests Are Not Going to Help Perl, They'll Waste Everybody's Time and Give Microsoft More Control Over Its Competition: Microsoft does not like Perl
A Can of WORMS - Part IV - They Would Even Attack RMS for Criticising Autocrats (Saying This is "Politics"): Conforming to society's perceived expectations isn't how effective activism can ever be done or was ever done in the recent past
Gemini Links 09/02/2026: The Exploration Myth and Making JavaScript Fun: Links for the day
EPO Outrage and Maintaining the Pressure: A vending machine does not fall over after a first push
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 08, 2026: IRC logs for Sunday, February 08, 2026
"Low Performer" and "Underperformer" as Harmful Misnomers That Damage a Company's Reputation: Misnomers need to be avoided or called out

Nothing New Under the Microsoft

Comments

Recent Techrights' Posts