If Microsoft Cannot be Sued Over Liability, Can it be Sued for Negligence?

Dr. Roy Schestowitz

2009-11-13 18:19:23 UTC
Modified: 2009-11-13 18:19:23 UTC

"Our products just aren't engineered for security."

--Brian Valentine, Microsoft executive

Summary: Microsoft's inability (or unwillingness) to protect customers from severe flaws raises important questions regarding negligence

AS WE stressed last year, Microsoft publicly addresses flaws it is aware of only/usually when attacks begin. Otherwise, Microsoft lies about security. It tells what shareholders want to hear. So although the test of liability may not pass legal muster, negligence does. Should Microsoft be sued as some journalists have already suggested?

The latest serious exploit that affects Vista 7 (there are more examples appended at the bottom of this post) is so valuable for showing how Microsoft ignores security problems and improperly handles them until it's too late. SJVN argues:

I do wonder sometimes about Microsoft's quality assurance. No, I tell a lie. I always wonder about Microsoft's quality assurance. As in, "How can they keep making mistakes like this?" In the latest, a new SMB vulnerability has been found and exploited that can lock-up any Windows 7 or Server 2008 R2 system.

As reported in ComputerWorld, Laurent Gaffie posted details of the vulnerabilities, along with proof-of-concept exploit code, to the Full Disclosure security mailing list today, as well as to his personal blog. Gaffie claimed that his exploit crashes the kernel in Windows 7 and its server sibling, Windows Server 2008 R2, triggering an infinite loop. Or, as he puts in so well in the exploit's code: "'Most Secure Os Ever' --> Remote Kernel in 2 mn. #FAIL,#FAIL,#FAIL"

[...]

Oh, and Microsoft, hurry up and fix this. OK? This is embarrassingly bad.

This is not just "embarrassingly bad", it is practically very bad because exploit code is already out there while Microsoft is still "investigating".

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.

Microsoft has been caught hiding vulnerabilities and their fixes (secret fixes which invisibility of proprietary software enables), probably for raves about numbers, i.e. illusion of safety. How long has Microsoft known about this for and why is there no patch yet? ⬆

On Vista 7 insecurity:

Recent Techrights' Posts

Libya's Share on the Web: 5.2% GNU/Linux: GNU/Linux has hit an all-time high there
Codecs and Software Patents - Part VI - The European Patent Office, Nokia, Microsoft, Sisvel, and More: Whatever Nokia used to be, it's certainly not an ally and a lot of the turmoil at the EPO is the fault of companies like Nokia
Links 11/05/2026: Another Oracle Setback and Mass Layoffs in Iran: Links for the day
Gemini Links 11/05/2026: Older Can Be Faster and Textmode Workflow: Links for the day
Links 11/05/2026: The Solicitors Regulation Authority (SRA) Admits It Only Reacts When It's Too Late (Damage Already Done), Ombudsman’s Animal Cruelty HK Report: Links for the day
If It Takes You a Second to Serve (or Receive) a Page, That's Definitely Too Slow: For speeds at milliseconds (e.g. for pages to fully load in a tenth of a second) the pages must be ready to be sent as soon as they're requested
It's Not About Speed, It is About Patience and Adherence to Truth, Principles, Scientific Integrity: attacks on us only ever made us stronger - a lesson that our adversaries have learned the hard way
Cyber Show Does it Like Techrights: Static and Gemini Protocol as 'First-Class Citizen': HTML and GemText (over Gemini Protocol) would be rendered in tandem
SLAPP Censorship - Part 73 Out of 200: Microsoft's Graveley and Garrett Remain Closely Connected in May 2026 ("Tag-Teaming" Against Bloggers in Another Continent): The phrase "judge a person by their friends" seems applicable here
Discussions About When the Axe Falls at IBM/Kyndryl (11,000 Layoffs Estimated): "Kyndryl restructuring should reduce overhead functions and reduce the number of managers that lack technical knowledge"
A World After Microsoft (and GAFAM) and After GitHub Shuts Down: the only growth area is debt
Fake News, Propaganda, and Misinformation: Microsoft Investing Money It Does Not Have in "Hey Hi" (for "Entertainment Purposes" Only): This will not end well
Today the Whole European Patent Office (EPO) is on Strike and Next Monday an Even Bigger Strike: the media refuses to cover these and is thus complicit
The Corrupt Lecture the Non-Corrupt - Part IXX - EPO Management Speaks of Reputation and Integrity While Putting Cocaine Addicts in Management: If the EPO values its "reputation", then it needs to start by ousting the management
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, May 10, 2026: IRC logs for Sunday, May 10, 2026
Links 11/05/2026: Security Breaches, Politics, and Energy Crunch: Links for the day
Gemini Links 10/05/2026: "Accidental Cameras" and "Addictive" Interfaces in Social Control Media: Links for the day
Codecs and Software Patents - Part V - A Reminder That GAFAM and the European Patent Office (Which Serves American Monopolists) Do Considerable Harm to the Commons and Culture: some 'breaking' developments
Gemini Links 10/05/2026: Inkscape, Guix, and Alhena 5.5.8: Links for the day
The "Alicante Mafia" at the European Patent Office (EPO) Experiments With New Methods for Crushing Industrial Actions: Open letter to VP1 and the COO [...] What does this tell us about the status quo at the European Patent Office, Europe's second-largest institution?
The Corrupt Lecture the Non-Corrupt - Part XVIII - "The European Patent Office (EPO) has a zero-tolerance policy for fraud" (except when managers do it): The guidebook of the EPO says fraud is not to be tolerated, but who enforces or revisits such "Red Lines"?
Links 10/05/2026: Hantavirus Brings Back 'Contact Tracing' Surveillance, "Staple Food Prices Soar in Iran": Links for the day
Microsoft XBox Staff Know They're in Trouble, They Try to Unionise Ahead of Mass Layoffs: As the slang goes, it's going to be a "bloodbath"
Links 10/05/2026: Fake Suicide Notes and New EU Restrictions on Slop: Links for the day
SLAPP Censorship - Part 72 Out of 200: Microsoft's Graveley and Garrett Signed Documents That Hold Them Accountable to Truth and Liable for Lies: Such collaborations are unsavoury and apparently unprofessional, too
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, May 09, 2026: IRC logs for Saturday, May 09, 2026
Gemini Links 10/05/2026: Travelling to Van and "Dark Mode" as Passing Fad: Links for the day
IBM's Kyndryl Holdings Inc Sank 70-75% in 'Value' in 10 Months, Will IBM Follow?: Kyndryl Holdings Inc now has a debt considerably higher than this company is said to be 'worth'!
Belated Sovereignty: GNU/Linux in Iran Skyrockets to 6% Amid Armed Conflict: unless they're truly in control of their networks, hardware and software, somebody else can control them
Gemini Links 09/05/2026: Liberation, The Nocturnals, Rediscovering Internet Radio, and More: Links for the day
Links 09/05/2026: Kremlin’s Biggest Day of the Year and FBI's Attack on the Media (to Save Face): Links for the day
Google is "Bullshit": Fix your slop, Google. It's broken.
SLAPP Censorship - Part 71 Out of 200: 5RB Barristers Made Tens of Thousands of Pounds by Changing From Plural to Singular for Microsoft's Graveley and Garrett: Could not even get the client's name right
Links 09/05/2026: "Grand Theft Oil Futures" and Mass Layoffs at Verizon: Links for the day
Gemini Links 09/05/2026: Inkscape "Copy Text Style" and NomadNet: Links for the day
The Corrupt Lecture the Non-Corrupt - Part XVII - European Patent Office (EPO) Management Not Sharing Responsibility for Financial Resources: For those who wonder, EPO strikes are still going on
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, May 08, 2026: IRC logs for Friday, May 08, 2026