Bonum Certa Men Certa

Nothing New Under the Microsoft

Cracker



Microsoft's handling of security is a cyclic routine that goes like this:

  1. Many flaws get reported, accumulated, and then mostly ignored
  2. Attacks on the unpatched flaws begin, so Microsoft 'kindly' bothers to work on patches in a rush
  3. Patch Tuesday arrives and Microsoft delivers a slew of patches (occasionally delivering nothing critical for bragging rights in the press, only to deliver a massive number of critical patches the following month, i.e. deferral)
  4. Patches arrive too late, after many servers and desktop have already been hijacked
  5. A number of zero-day flaws emerge, some of which exploiting vulnerabilities Microsoft has been aware of for a long time
  6. Patches turn out to be dysfunctional and consequently many computers are left out of services
  7. Microsoft reworks the patches and then delivers a patch to the broken patches
  8. Repeat (1)


This month was no exception. Microsoft delivered half a dozen "critical" patches (usually meaning that the vulnerability they patch enables crackers to seize full control of a to-be-compromised machine).

Appended below are reports from the past couple of days alone. The lies need to end because everyone suffers.

____ [1] Another Microsoft Bug Revealed on Huge Patch Day

Along with its biggest patch release in five years, Microsoft warned on Tuesday of another potentially dangerous vulnerability in its software.

The problem lies within the WordPad Text Converter for Word 97 files, Microsoft said in an advisory.

The systems affected include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Microsoft said. XP Service Pack 3 and the Vista operating systems are not affected.


[2] Two new zero-day exploits dent Microsoft's Patch Tuesday

Microsoft's Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.


[3] New Web Attack Exploits Unpatched IE Flaw

As Microsoft readies its latest set of security updates, online attackers have begun exploiting a new flaw in the company's Internet Explorer (IE) browser.


[4] Third Zero Day exploit appears

Microsoft has confirmed it is investigating another zero day exploit.


[5] Security vulnerability found in MS SQL Server 2000

SEC Consult say Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain.


Comments

Recent Techrights' Posts

They Will Never Leave Linus Torvalds Alone, Rust is Just Another Way to Cause Instability and Infighting in Linux
We already identified the Rust "community" as troublemakers more than 5 years ago and we wrote about the evidence
Slopwatch: Anti-Linux Articles Published by Bots, Dominating Google News
So a lot of the Web is Microsoft chatbot-generated anti-Linux FUD
 
Gemini Links 14/02/2025: Mysterious Friend and "Eight by Eight"
Links for the day
Slopwatch: All Those New 'Articles' Are Fake and Crafted by Chatbots (LLM Slop)
Google News is promoting these as "Linux" news; they're not even made by humans
Apple: Social Justice or Social Nationalism?
Remember to buy Apple, folks
Links 14/02/2025: Mass Layoffs at Sophos, Chatbots Failing Very Badly, "DOGE as a National Cyberattack"
Links for the day
Moving Away From Certificate Authorities (CAs) Like Let's Encrypt Means Taking Away From the US Government the Power to 'Censor' Sites by Revoking Certificates
Gemini capsule is cheap to run and easy (easier than a Web site) to maintain. More people disillusioned and frustrated with social control media flock to it.
BetaNews' Managing Editor Wayne William Took Charge of GNU/Linux Articles and His Articles Are Real (He Actually Wrote Them)
We are frankly relieved to see that Wayne William recognised the problem and did something about it
Links 14/02/2025: Publicity Rights Violated (ByteDance), Bribes to Trump Passed via Social Control Media 'Settlements' Again
Links for the day
Gemini Links 14/02/2025: Constitution, Cosmic DE, and More
Links for the day
Links 14/02/2025: Measles Outbreak in Texas, Zelensky Warns Russia Will Attack a NATO Country
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 13, 2025
IRC logs for Thursday, February 13, 2025
Gemini Links 13/02/2025: gwit and Restart
Links for the day
Links 13/02/2025: Algorithm Bots and 'Teleport' Breakthrough
Links for the day
EPO Staff Representatives Confront the President Who Says 'F--king' in Front of Female Workers Over Measurable Discrimination Against Female Colleagues
Central Staff Committee versus Lukashenko's sponsor
IBM Layoffs in 'RTO' Clothing Reported by Thomas Claburn
This "hey hi" (AI) nonsense is just a go-to excuse that IBM and GAFAM (and many others) use
Still Waiting for the EU to Abolish the Illegal and Unconstitutional Court Linked to EPO Corruption and Lobbyism by the Patent Litigation Industry
Sadly, all the blogs that used to talk about those issues have been infiltrated and then completely hijacked by the very perpetrators of the illegality
Social Engineering of the Free Software Movement is a Corporate Takeover With Code of Conduct (CoC) to Drive Out or Expel Dissent
Richard Stallman (RMS) covered "cancel culture"
Links 13/02/2025: Mass Layoffs at Google (Disguised as "Buyouts"), Telecoms Price Hikes as Collusion/Price-Fixing
Links for the day
[Video] Richard Stallman Questions and Answers Session in Google's YouTube or Invidious
From last night
Gemini Links 13/02/2025: Broken Watches and Naming Types
Links for the day
Corrupt Bill Gates Worming His Way Into Richard Stallman Videos in Google's YouTube
Reputation laundering riding other people's names?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 12, 2025
IRC logs for Wednesday, February 12, 2025
Links 12/02/2025: Crytek Layoffs, Security Holes, and Giving Ukraine to Russia
Links for the day
Relaying GAFAM Talking Points and Lies Using GAFAM LLMs, or Slop Pasted in by Brittany Day
linuxsecurity.com is relaying slop, i.e. misinformation
Photos From This Evening's Talk by Dr. Richard Stallman in Torino, Maybe a Video Soon
The talk that Dr. Richard Stallman gave today (a few hours ago) was recorded and streamed
IlSoftware.it Covers Richard Stallman's Visit to Give Talks in Italy
The publication is in Italian, the talk was in English
Macho Patent Office
At the EPO there's always room for women in top roles
Gemini Links 12/02/2025: "Bream Gives Me Hiccups", Making Chinese Tea, and More
Links for the day
This is Why Codeberg Issues an Apology Today
This response was clear and relatively swift
The Register Studies (to Affirm) Reports of IBM Layoffs "at the Finance and Operations business unit"
something about that specific unit
Links 12/02/2025: SSL FUD, DEI Phase-out, Felonies Committed by MElon (Data Breaches)
Links for the day
Italian Media Covers Richard Stallman's English Talk Ahead of Tonight's Public Appearance
article in La Stampa
Destruction and Distortion of Information, Including Facts About Linux (Bonus: This is Destroying the Planet)
All that LLMs have going for them is hype, and moreover media that intentionally misrepresents them and their supposed capabilities
Google Seems to Have Just Killed All Instances of Invidious
YouTube is rapidly becoming just "another Neflix"
Microsoft Skype in a Freefall: About 20% Decrease in Site Traffic in 3 Months (Amid Microsoft Phasing Out Credits)
Microsoft axing more services/features may mean that now they scrape the bottom of the barrel and Skype will simply die, discontinuing service (like ICQ) in a matter of years
Gemini Links 12/02/2025: Depression, Gabbro, WikiTok, and More
Links for the day
Links 12/02/2025: Health, Security, and Monopolies
Links for the day
Gemini Protocol is Increasingly Important to the Net
Gemini Protocol will turn 6 this summer
Former EPO Manager Warns That the Illegal 'Court' for "Unitary Patents" Enables “Law Shopping”
Daniel X. Thomas opposed the very existence of the UPC, which any honest person could recognise was both illegal and unconstitutional
Like GAFAM, the EPO is Passing the Financial Pains to Staff
the EPO is operating illegally at this point
Morale at Microsoft Ruined by the Company Labelling Thousands of Workers 'Low Performers', Sacking Them on the Spot and Denying Them Basic Benefits
people laid off as "low performers" go to social control media to bemoan the label
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 11, 2025
IRC logs for Tuesday, February 11, 2025