Nothing New Under the Microsoft

Dr. Roy Schestowitz

2008-12-11 11:28:36 UTC
Modified: 2008-12-11 11:28:36 UTC

Cracker

Microsoft's handling of security is a cyclic routine that goes like this:

Many flaws get reported, accumulated, and then mostly ignored
Attacks on the unpatched flaws begin, so Microsoft 'kindly' bothers to work on patches in a rush
Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
Patches arrive too late, after many servers and desktop have already been hijacked
A number of zero-day flaws emerge, some of which exploiting vulnerabilities Microsoft has been aware of for a long time
Patches turn out to be dysfunctional and consequently many computers are left out of services
Microsoft reworks the patches and then delivers a patch to the broken patches
Repeat (1)

This month was no exception. Microsoft delivered half a dozen "critical" patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers. ⬆

____ [1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.

[2] Two new zero-day exploits dent Microsoft's Patch Tuesday

Microsoft's Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.

[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company's Internet Explorer (IE) browser.

[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.

[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.

Comments

pcolon

2008-12-11 11:47:33

MS can spin this to increase their server footprint without having to embrace Apache by claiming "MS has the real "A-Patchy" servers .
Richard Mclaughlin

2008-12-11 22:41:13

actually, it's more like this. Patches are released. smart people and IT departments install them. average joe blow doesn't. Hacker looks at the hole the patch fixed and attacks the hole. systems go down because people didn't upgrade when the patch came out.

Having run call centers for 15+ years, I know this to be a fact.
Roy Schestowitz

2008-12-11 22:53:48

How many of those "smart people" actually get 'burned' for installing bad patches? Quality counts too.

The lateness of some patches is another issue that is raised above. As the new references show, Windows is already vulnerable again and no patches will have arrived until next month.

"Use Wayland" Isn't a Bugfix for X (X11 is Still Necessary): They tell us X is "dead" and we must all be herded into Wayland ASAP
The New Head of OSI is an "Hey Hi" (AI) Obsessed Person: when Bryant says "AI" that doesn't mean AI
"Governments, local authorities, schools and hospitals can lead by example by procuring only Free Software": Crossposted from Tux Machines
Cindy Cohn Leaving the Electronic Frontier Foundation While Its Co-founder John Gilmore, Whom She Apparently Helped Oust, Will Celebrate 40 Years of the Free Software Foundation, Inc.: EFF has been busy hoarding GAFAM money, whereas the latter is where all the real activism is done
"Google is Googlebombing KDE's Project Banana": So is Google googlebombing KDE's Project Banana? You decide.
Some Very Large IRC Networks Are Growing: IRC will turn 38 next year
What Ruben Amorim and Stefano Maffulli Have in Common: Censors Wikipedia and Social Control Media
Microsoft Won't Cooperate in Trying to Tackle EPO Corruption (Microsoft Profits From This Corruption): Use something like BigBlueButton, Jami, Ring, and Jitsi instead
Links 16/09/2025: "The Censorship Alarm Is Ringing in the Wrong Direction" and ASRock Does Microsoft E.E.E. on GNU/Linux: Links for the day
Serious "Breach of Confidentiality of Personal Data" in Europe's Second-Largest Institution, the EPO: Yes, the same EPO that routinely uses "data protection" and "GDPR" as a pretext for hiding or covering up its corruption and white-collar crimes (it even uses that as an excuse for refusing to obey courts' orders)
Adrienne Rockenhaus Says Her Husband Was Arrested for Running Tor and Denied Basic Rights in the United States: the US seems to be getting "russified" in its approach towards Tor
This is What Happens When Microsoft Canonical Lets Decisions on Ubuntu be Made by a Youngster From the British Army (Where He Did Mass Surveillance): "Is Ubuntu Compromised?"
Back Doored Windows Giving GNU/Linux a Hard Time (Under the Guise of 'Security'): Is this complication intentional? Most likely, yes
Links 16/09/2025: Science, Security, and Conflicts: Links for the day
Gemini Links 16/09/2025: Command-line Options in POSIX Shell and Introducing Acre 0.9: Links for the day
Microsoft 'Secure' Boot Versus Dual Boot With GNU/Linux: they're meant to assume everything is OK
Links 16/09/2025: While Oracle Pretends to be Rich It's Firing About 70 MySQL Workers, "Oracle's Revenge" (Faking Demand With "AI"): Links for the day
Microsoft Has Just Published a New Web Page About "Secure Boot Update Process" (Microsoft Also Admits Issues; PCs Can Stop Booting): Why was this page issued and published only hours ago?
Microsoft Lunduke: I Spread Hate and Then I Receive Hate: Cry us a river, Microsoft Lunduke
"Disable Secure Boot and Fast Boot. Wipe and Start Over.": At least they didn't say, buy a new computer...
The Oracle Ponzi Scheme: Oracle isn't doing well, but it's nowadays fashionable to say "clown" and "hey hi" to prop up one's stock, even based on nothing at all
Taking Out the Battery, Opening Up Your Computer, Just Like a "Normie" Would: At this stage, any person who still says "enable Secure Boot" is misguided or persuaded by companies that sell rootkits
Slopwatch: Serial Sloppers and Slopfarms Still Infesting Google News (Fake 'Articles' About "Linux" Spreading FUD): searching for "Linux" today yields a lot of FUD
The Reach of Techrights Has Broadened: We nowadays cover a broader range of issues
Complicating Things for No Actual Benefit, Just Added Risk and More Difficulties Adding GNU/Linux and BSDs: Watch what it's like for people who wish to use BSDs
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, September 15, 2025: IRC logs for Monday, September 15, 2025
Links 16/09/2025: Autumn Party, RPG Planet, and Optical ROOPHLOCH: Links for the day
Geminispace Growing at Pace of Over 10% Per Year: Contrary to what some pessimists try to claim
Linux Mint Forums Today: Disable 'Secure Boot', It Doesn't Improve Security, It's Just a Microsoft Obstacle to GNU/Linux Users: They also mention MOK
Solved Less Than an Hour Ago: Trying to Escape Windows, 'Secure Boot' Gets in the Way: 'Secure Boot' wasn't meant to even exist in the first place
Stefano Maffulli, Executive Director of the Open Source Initiative, Resigns or Gets Removed (We'll Continue Covering OSI Scandals): A dozen mentions of "AI", not much about "Open Source"
Andy Has Just Nailed It (Regarding Complexity and Failure, a la UEFI): The users no longer own or control what they buy
Compatibility Support Module (CSM) Versus GNU/Linux Simplicity: what Andy recently called "solutionism"
Links 15/09/2025: "Postal Traffic to US Down by Over 80%" and 'Smart' Spinozacampus Laundry Room Goes AWOL: Links for the day
Gemini Links 15/09/2025: Dungeon Hustle and Deleting Oneself From the Net: Links for the day
Breach of EPO's Duty of Care or Cigna Reimbursement Issues: This is the sort of thing that motivated Luigi Mangione to assassinate a CEO
Ask Ubuntu About "Secure Boot" Violation and Laptops That Don't Boot GNU/Linux: Does anyone still believe that "Secure Boot" has anything at all to do with security?
We Are Sad to Hear the Story of Jonathan Riddell, Champion of KDE and GNU/Linux on Desktops/Laptops: I have enormous respect for Jonathan and everything he has done
Talking About the Problem vs Talking to the Problem: Wanting an audience is never a good excuse for compromising one's values and principles
Focusing on Patents: The reason we cover the EPO so much is that it's close to home
"Secure Boot Violation": The 'Joys' of Fake Security Gone Wrong: Not everyone reboots every day
Links 15/09/2025: Russia Invades Romanian Airspace, Penske Media Sues Google Over LLM Slop: Links for the day
Links 15/09/2025: Bitcoin ATMs Scam and "Conservative Cryptography" (Backdoors Fantasies): Links for the day
EPO Imitates Microsoft: "Three Days or More Per Week" Inside the Office to Get a Desk to Work on; "the Office Breaches Its Promise Towards Staff and Acts in Breach of Its Duty of Care": The EPO serves no actual function in Europe
Links 15/09/2025: Political Affairs, Censorship, and Copyrights: Links for the day
Gemini Links 15/09/2025: Music Genres, Invisible Networks, and Akademy 2025: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, September 14, 2025: IRC logs for Sunday, September 14, 2025
Satya's Plan B: Try to Hide the Massive Extent/Scale/Scope of Microsoft Layoffs: fewer people buy Microsoft
Red Hat News About De Facto Mass Layoffs (Bluewashing) Gone From Reddit (Censored by Gatekeepers), Still Online in The Register: With RTOs, PIPs, relocation etc. expect IBM to "shed off" many Red Hatters
UEFI "Secure Boot Doesn’t Play Nice at the Moment": UEFI "Secure Boot" does not improve security. It's an artificial obstacle in service of monopoly.
Gemini Links 14/09/2025: ROOPHLOCH, Music, and Reddit: Links for the day
If You Want to "make your 'Windows PC' lean, mean, and fast" You Will Install GNU/Linux or Some BSD: That kind of article says a lot about IDG
Slopwatch: Google News Infested With Slop (About Half of the Results for "Linux" Today): This is the sort of junk one finds when looking for "Linux" in Google News these days
Links 14/09/2025: Ricky Hatton Dies and McDonald's Declares War on Tipping Culture: Links for the day
Links 14/09/2025: Disasters for CEOs Obsessed With Slop and Slop Companies School Like Fish: Links for the day
"Bad Shim Signature" (Microsoft 'Secure' Boot): "Fresh install not booting"
What Microsoft Garrett and Microsoft Lunduke Have in Common: Similar tactics, different "wings"
Links 14/09/2025: US "Economy Sagging", "Michigan Economy Wobbles From Tariffs": Links for the day
Gemini Links 14/09/2025: Minimalist Snippet Manager and Omarchy Linux: Links for the day
The Face of the Digital Far Right: Microsoft Lunduke: Microsoft Lunduke is an online extremist that belongs to and panders to the far right
20 Years Later and Academia Isn't the Same: "I never dreamed of being a professor"
'Cancel Culture' by the Right: Microsoft Lunduke Contacts People's Employers Trying to Get Them Fired: Microsoft Lunduke panders to extremists online
"Bad Shim Signature"; So 'Secure' That It Overrides Users' Preferences and Turns Itself Back on (Coercive Measure): This was a few hours ago
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, September 13, 2025: IRC logs for Saturday, September 13, 2025

Nothing New Under the Microsoft

Comments

Recent Techrights' Posts