Eye on Microsoft: Emergency, Botnets, and No Remedy

Dr. Roy Schestowitz

2009-07-26 08:50:30 UTC
Modified: 2009-07-26 08:50:30 UTC

Summary: Self-explanatory news about Microsoft and security

● Microsoft to issue emergency patches next week

Microsoft plans to issue two emergency patches next week that fix vulnerabilities in the Internet Explorer browser and Visual Studio developer suite that allow attackers to remotely execute malware.

● Software Crackdown

Cyber attacks seem to be getting more sophisticated by the hour. A few weeks ago malware known as Zero Day was found to have exploited a vulnerability in Microsoft's Windows operating system that could allow online criminals to take control of a computer from anywhere in the world without being detected. The operation involved what is known as "drive by" attacks, in which visitors to legitimate Web sites are redirected to a page that secretly downloads the malicious software.

● Microsoft admits it can't stop Office file format hacks

Microsoft's plan to "sandbox" Office documents in the next version of its application suite is an admission that the company can't keep hackers from exploiting file format bugs, a security analyst said today.

Comments

David Gerard

2009-07-26 19:01:17

Of course it's the formats! That's why every format vulnerability in MS Office is also found in OpenOffice.org ... oh wait, no they aren't. Gosh, it couldn't be crappy programming, or not validating untrusted input, or anything like that? I must be a zealot to think it.

Roy Schestowitz

2009-07-26 19:28:25

Yes, given more time I would have said something about the format issues.

Forget about malicious programs. When we have binary formats we also deal with malicious file formats and files that become malicious when merely interpreted, not executed.

David Gerard

2009-07-26 20:33:59

The real problem is that:

(a) in the '90s, Microsoft made a lot of their file formats dumps of C structs, for performance reasons;

(b) when this became incredibly hazardous with the Internet, and computers were powerful enough to check for malicious input ... they just kept on using the old code.

Then their master stroke of putting a complete programming language inside Office, thus inventing the macro virus.

Then their other master stroke of programs that execute any random instructions they happen to find in EMAIL MESSAGES.

INNOVATION!

Recent Techrights' Posts

IBM Misleads and Gaslights Investors With Slop Sold as "AI" (the Business is Waning, Mass Layoffs Continue): People who do this are dishonest. They should not be put in charge.
Why Microsoft Accenture Has So Many Layoffs in Recent Years: The debt of Accenture doubled a year ago
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 01, 2026: IRC logs for Sunday, February 01, 2026
Gemini Links 01/02/2026: Fossil Heating Installations and Some FOSDEM Coverage: Links for the day
The State of Memory Leaks in GNU/Linux: The issue won't be solved by adding more memory
Links 01/02/2026: Nvidia's Jensen Talks Down Microsoft 'Open' 'Hey Hi' and Britain's Starmer Makes Friends With China, Japan: Links for the day
Links 01/02/2026: Public TV Gutted by Cheeto, Billionaires Fund a Cheeto Propaganda Movie in 'Documentary' Clothing: Links for the day
The New Site ("New Techrights", SSG Since 2023) Exceeds the Old Site in Requests: The "New Techrights" gets about twice as many requests as the "old" (WordPress) "Techrights", the site of 2006-2023
20 Years Ago: Some time soon all this slop frenzy will become like yesterday's "blockchain" or "metaverse"
Gemini Links 01/02/2026: Zdzisław Beksiński and Disconnected Git Workflow: Links for the day
Talks About Nadella's Microsoft Exit After Chatter About Tim Crook Leaving Apple (Years Ahead of Retirement Age): Mass layoffs and record debt do not represent a company's health.
We Still Cover the Same Problems We Spoke of 20 Years Ago: We're not easily seduced by "novelty" (new things), we try to judge them critically
Patents Standing in the Way: They also cause environmental harm
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, January 31, 2026: IRC logs for Saturday, January 31, 2026
IBM, a Microsoft Company: Microsoft and IBM as a pair go a long way back
A Lot Less GAFAM in Scandinavia: Are they reacting to geopolitics and risks from the US?
IBM Kills Companies It Bought (Neudesic Seems Like Latest Casualty): Why isn't even a single publisher investigating those things?
Fake "Linux" Articles: Just because some platform has "Linux" in the domain name and/or site name does not imply that it is a news/Linux site
Gemini Links 31/01/2026: "Proof Without Content" and "Technology Connections": Links for the day
Links 31/01/2026: Microsoft "OpenAI Representatives Are Going to Critics’ Houses With Threats and Demands", Its Proprietary Chaffbot Faces More Lawsuits: Links for the day
Links 31/01/2026: "Introducing Encrypt It Already" and "Huge Cache of Epstein": Links for the day
A Can of WORMS - Part I - Trying to Throw RMS Under the Bus at MIT and Everywhere Else: This series won't give air to online 'trolls'
Mobbing at the European Patent Office (EPO) - Part I - An Introduction: When the series ends, some time around the second or third EPO strike of this year, we'll contact the relevant authorities and plead for intervention
The Solicitors Regulation Authority (SRA) Delusion - Part I - Who Regulates This Regulator? (Only Itself!): We won't self-censor or prematurely terminate this series
Norway Almost Trusts Russia More Than the Bill Gates (Sleeping With Young Russian Girls) Company, Microsoft: Microsoft represents crime
Riddle Us This... (Jim Zemlin and Bill Gates): Do these people even understand the literal meaning of "safe space"?
Is "Nobel Prize for Peace" a Sick Person's 'Code Word' for Gangbanging Now? Ask Bill Gates.: Watch all the Gates apologists getting all silenced/silent
BBC Gaslights Women Sexually Exploited (Many Under Legal Age) for Its Rich Sponsor, Bill Epsteingate (Gates): Is this a national broadcaster or a propaganda tool "For Rent"?
Microsoft 'Open' 'AI' Reportedly About to Become Bankrupt, Seeking Emergency Cash Infusion (Loans): the money promised to Microsoft 'Open' 'AI' failed to arrive
Gemini Links 31/01/2026: Deep Ice and Slide Rules: Links for the day
Writing About Abuse: Never ever allow misogynists to get their way if you strive to live in a decent society
MIT DEDP MicroMasters online learner's blog post about cover-up linked to resignation of Swiss financial regulator: Reprinted with permission from Daniel Pocock
Salary Erosion Procedure (SAP) as the Primary Reason for EPO Strikes: They focus on financials, as the corruption aspects are un-sayable or unspeakable, except in private
IBM Bluewashing: Feels Like IBM is Scuttling Neudesic (and Some of Red Hat): We recently saw some Red Hat staff joining a Microsoft proxy
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, January 30, 2026: IRC logs for Friday, January 30, 2026
Microsoft Stock Collapsing Due to the Slop Bubble and Microsoft is Hiding Budget 'Black Holes': Microsoft does not perform like it tells "the media" and "the market"