Bonum Certa Men Certa
British Universities Under Siege Because of Microsoft Windows, One Goes Offline | How Patent Trolls Harm Free Software and How the European Parliament Plans to Make the Trolls Even Stronger

Microsoft Security Negligence Confirmed: Critical Internet Explorer Flaw Known and Ignored for 4 Months



Summary: The newest facts show that Microsoft knowingly refused to fix flaws that led to tremendous damage; lies from Microsoft (about its competition) are refuted as well

IN MANY RECENT posts about Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8], we have pointed out Microsoft's pattern of negligence [1, 2, 3], which always passes costs (damages) to the public. Microsoft should probably be sued for it, rather than make money from it. Microsoft -- like Goldman Sachs -- is making a lot of money out of a crisis caused by its own risk-taking.



Here are some self-explanatory news headlines:

Microsoft lies to your face about browser security

Microsoft’s Head of Security and Privacy in the UK has told TechRadar that people who jump ship from Internet Explorer after the recent spate of bad headlines risk ending up on a less secure browser. With France and Germany both advising a move away from Internet Explorer, things are far from rosy for Microsoft’s browser [...yet] Microsoft’s UK security chief Cliff Evans insists that a non-Microsoft browser is the worse option. “The net effect of switching [from IE] is that you will end up on less secure browser,” insisted Evans. “The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.

Let’s fight FUD with facts…

Vulnerability Report: Mozilla Firefox 3.5.x Unpatched: 0

Vulnerability Report: Google Chrome 3.x Unpatched: 0

Vulnerability Report: Opera 10.x Unpatched: 0

Vulnerability Report: Apple Safari 4.x Unpatched: 0

Vulnerability Report: Microsoft Internet Explorer 6.x Unpatched: 24 Most Critical Unpatched: Extremely critical

Vulnerability Report: Microsoft Internet Explorer 7.x Unpatched: 11 Most Critical Unpatched: Extremely critical

Vulnerability Report: Microsoft Internet Explorer 8.x Unpatched: 4 Most Critical Unpatched: Extremely critical

My recommendation if you use Windows: make sure the version of IE that’s installed (because you can’t uninstall it!) is the latest/least vulnerable (IE8) and then install at least one of the non-IE browsers listed (personally I always recommend Firefox :) and then use THAT. Of course, you could always switch to a Mac or Linux…


Microsoft patches IE, admits it knew of bug last August

As Microsoft patched the Internet Explorer (IE) vulnerability that was used to break into Google's network, it also acknowledged that it had known of the bug since August 2009, when an Israeli security company reported the flaw.


MS knew of Aurora exploit four months before Google attacks

Microsoft first knew of the bug used in the infamous Operation Aurora IE exploits as long ago as August, four months before the vulnerability was used in exploits against Google and other hi-tech firms in December, it has emerged.

Redmond's security gnomes finally got around to patching the exploit on Thursday. the hack attacks against Google et al targeted IE 6, a browser first released in 2001. Exploits involved tricking users of vulnerable browsers into visiting booby-trapped websites. These sites downloaded the Hydraq backdoor Trojan and other malicious components onto compromised PCs.

[...]

A quick search of Secunia's database, via its PSI patching tool, reveals a problem with an unpatched ActiveX control that looks just as bad, for example.


Emergency IE patch goes live as exploits proliferate

Microsoft released an emergency security update for all versions of Internet Explorer on Thursday as attacks exploiting a critical vulnerability in the widely used browser spread to hundreds of websites.

[...]

While some of the sites hosting the attacks were free services that had been co-opted, others appeared to be domains of legitimate companies that had been compromised.

[...]

In an admission that's sure to spark criticism, Microsoft said it learned of the critical bug more than three months ago.

[...]

The unscheduled bulletin fixes a memory corruption flaw in most versions of the widely used browser that allows attackers to execute malicious code simply by luring victims to a booby-trapped website. It fixes seven other privately reported vulnerabilities, some of which also made remote code execution possible, that Microsoft had been planning to issue next month during its next regularly scheduled patch release.

[...]

Systems compromised by the sites reported by Symantec were infected with a backdoor that collected registry settings and other system information and sent it to an email address that was under the control of attackers. That email address has since been disabled, Talbot said.


Widespread Attacks Exploit Newly Patched IE Bug

The first widespread attack to leverage a recently patched flaw in Microsoft's Internet Explorer browser has surfaced.

Starting late Wednesday, researchers at antivirus vendor Symantec's Security Response group began spotting dozens of Web sites that contain the Internet Explorer attack, which works reliably on the IE 6 browser, running on Windows XP. The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system, said Joshua Talbot, a security intelligence manager with Symantec.

Once it has infected a PC, the Trojan sends a notification e-mail to the attackers, using a U.S.-based, free e-mail service that Symantec declined to name.


Make the right browser update: Firefox 3.6

Neolithic Windows security hole alive and well in Windows 7

One of the reasons I've never liked Windows is that it was never made to deal with the security problems of working in a networked, multi-user world. As a direct result, Windows has been fundamentally insecure for more than a decade. Even so, I was surprised to find that there's a 17-year old security hole that's been in Windows since NT and it's still present today in Windows 7.

Wow. Even I'm shocked by this latest example of just how rotten Windows security is. It just reminds me again though that while Microsoft keeps adding features and attempting to patch its way out of security problems to Windows, Windows' foundation is built on sand and not on the stone of good, solid design.

[...]

Be that as it may, the code's still in there. An attacker can trigger the vulnerability through a variety of means. The end-result is, surprise, another Windows machine that's totally owned by the attacker. Once in charge, they can vacuum down your files, install malware, and all the other usual tricks.


Vista 7 was never secure to begin with. See the examples below.

  1. Cybercrime Rises and Vista 7 is Already Open to Hijackers
  2. Vista 7: Broken Apart Before Arrival
  3. Department of Homeland Security 'Poisoned' by Microsoft; Vista 7 is Open to Hijackers Again
  4. Vista 7 Security “Cannot be Fixed. It's a Design Problem.”
  5. Why Vista 7 Could be the Least Secure Operating System Ever
  6. Journalists Suggest Banning Windows, Maybe Suing Microsoft Over DDoS Attacks
  7. Vista 7 Vulnerable to Latest “Critical” Flaws
  8. Vista 7 Seemingly Affected by Several More “Critical” Flaws This Month
  9. Reason #1 to Avoid Vista 7: Insecurity
  10. Vista 7 Left Hijackable Again (Almost a Monthly Recurrence)

Comments

British Universities Under Siege Because of Microsoft Windows, One Goes Offline | How Patent Trolls Harm Free Software and How the European Parliament Plans to Make the Trolls Even Stronger

Recent Techrights' Posts

Sanitised Plagiarism as "AI" (How Oligarchy Plots to Use Slop to Hide or Distract From Its Abuses, or Cause People Not to Trust Anything They See/Read Online)
This isn't innovation but repression
Recent Layoffs at Red Hat (2026 the Year of Ultimate Bluewashing)
I found it amusing that Red Hat's CEO has just chosen to wear all blue, as if to make a point
Team Campinos Talks About SAP Days Before EPO Industrial Actions and a Day Before the "Alicante Mafia" Series (About Team Campinos Doing Cocaine)
EPO staff that isn't morally feeble will insist on objecting to illegal instructions
Stack(ed) Rankings and Ongoing Layoffs at Red Hat and IBM (Failure to Keep Staff Acquired by IBM)
IBM is mismanaged and its sole aim is to game the stock market (by faking a lot of things)
Linuxiac May Have Reverted Back to LLM Slop (Updated Same Day)
Is he back off the wagon?
Links 15/01/2026: Internet Blackouts, Jackboots Society in US
Links for the day
 
Naming Culprits in Switzerland
Switzerland is highly secretive about white-collar crime
IBM's 'Scientific-Sounding' Tech-Porn Won't Help IBM Survive (or Be Bailed Out)
Who's next in the pipeline?
IBM Was Never the Good Guy
its original products were used for large-scale surveillance, not scientific endeavours
The Bluewashing is Making Red Hat Extinct (They All Become "IBM", Little by Little)
IBM does not care what's legal
Slopfarms Push Fake News About Microsoft Shutdown, 30,000+ Microsoft Layoffs Last Year Spun as Only "15,000"
The Web is seriously ill
Countries Take Action Against Social Control Media and 'Smart' 'Phones', Not Slop (Plagiarised Information Synthesis Systems or P.I.S.S.)
None of this is unprecedented except the scale and speed of sharing
Sites That Expose Corruption Under Attack, Journalism Not Tolerated Anymore (the Super-Rich Abuse Their Wealth and Political Power)
Sometimes, albeit not always, the harder people try to hide something, the more effective and important it is for the general public
Links 16/01/2026: Social Control Media Curbs in Australia Underway, MElon Still Profiting by Sexualising Kids 'as a Service'
Links for the day
More People Nowadays Say "GNU/Linux"
We still see many distros and even journalists that say "GNU/Linux"
LLM Slop on the Web is Waning, But Linuxiac Has Become a Slopfarm
I gave Linuxiac a chance to deny this or explain this; Linuxiac did not
More Signs of Financial Troubles at Microsoft, Europe Puts Microsoft Under Investigation
The end of the library is part of the cuts
The "Alicante Mafia" - Part I - An Introduction to the Mafia Governing the EPO
Are some people 'evacuating' themselves to save face?
Pedophilia-Enabling Microsoft Co-founder Cuts Staff
Compensating by sleeping with young girls does not make one younger
Microsoft Shuts Down Campus Library, Resorts to Storytelling About "AI" to Spin the Seriousness of It
Microsoft is in pain
Free Software Foundation (FSF) Back to Advertising the Talks of Richard Stallman
A pleasant surprise
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 15, 2026
IRC logs for Thursday, January 15, 2026
Gemini Links 16/01/2026: House Flood and Pragmatic Retrocomputing Dogfooding
Links for the day
Links 15/01/2026: Starlink Weaponised for Regime Change (by Man Who Boasted About Annexing South American Countries for Tesla's Mining), Corruption in Switzerland Uncovered by JuristGate
Links for the day
GAFAM and IBM Layoffs Outline
a lot of the layoffs happen in secrecy and involve convincing people to resign, retire, relocate etc.
Coming Soon: Impact With EPO Cocainegate
Will Campinos survive 2026?
The Last 'Dilberts' or Some of the Last Salvaged (Comic Strips Which Disappeared Shortly After They Had Been Published)
Around the time the creator of Dilbert went silent he published some strips mocking TikTok and usage of it
The Creator of Git Probably Doesn't Know How to Install and Deploy Git
Nobody disputes this: Mr. Torvalds created Git
Slop is a Liability
Slopfarms too will become extinct because people aren't interested in them
GAFAM is a National and International Threat to Everybody
GAFAM is just a tentacle in service of imperialism
EPO People Power - Part XXXVI - In Conclusion and Taking Things Up Another Notch
They often say that the law won't deter or stop criminals because it's hard to enforce laws against people who reject the law
Running Techrights is Fun, Rewarding, and Gratifying
In Geminispace we are already quite dominant
Red Hat is Connected to the Military, Its Chief Comes From Military Family (From Both Sides)
The founder of Red Hat's parent company literally saluted Hitler himself (yes, a Nazi salute)
Don't Cry for Gaslighting Media in a Country Which Loathes the Press
my wife and I received threats for merely writing about Americans
Red Hat (IBM) is Driving Away Remaining Fedora Users
I've not used Fedora since Moonshine
Robert X. Cringely Has Already Explained IBM's Bullying Culture (Towards Its Own Staff)
IBM is a fairly nasty company
Proton Mail compromise, Hannah Natanson (Washington Post) police raid & Debian
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 14, 2026
IRC logs for Wednesday, January 14, 2026
Gemini Links 15/01/2026: "Ode to elinks", envs.net Pubnix and Downtime at geminiprotocol.net
Links for the day
Still Condoning Child Labour and Exploiting Unpaid Children Developers as PR Props (to Raise Monopoly Money)
These people lack morals. So they project.
"Security, AI or Quantum" on "the IBM Titanic"
Who's RMS?
Hours Ago The Register MS Published Microsoft Windows SPAM "Sponsored by Intel." The Fake 'Article' Says "AI" 34 Times.
The Register MS isn't a serious online newspaper
EPO People Power - Part XXXV - Where Else Will Corruption and Substance Abuse be Tolerated?
We need to raise standards
Status and Capital
People who do a lot are too busy to boast about it and wear fancy garments
IBM Paying the Price for Treating Workers Badly and Discarding Real Talent (Because It's "Expensive")
IBM is dead man walking
Turbulence Ahead
I last rebooted my laptop in 2023
Google News Rewards Plagiarism With LLMs (About Linux, Too)
Google is in the slop business now
Links 14/01/2026: Failing Economy and Conquest Abroad as a Distraction From Domestic Woes
Links for the day
Gemini Links 14/01/2026: The Ephemerality of Our Digital Lives and "Summer of Upgrades"
Links for the day
Projection Tactics - Part III: Silencing Inconvenient Voices Online
If X gets banned in the UK, it'll be hard to see what the spouse says in public
Outsourcing on Microsoft's Agenda, Offshoring Also
"In some cases, India hiring is poised to replace certain roles previously based in the U.S."
Links 13/01/2026: 'Dilbert' creator Scott Adams Passes Away With Cancer, Ban on X/Twitter Considered for CSAM Profiteering
Links for the day
The Goal is Software Freedom for All
Anything to do with "Linux Foundation" is timewasting
Reminder That Red Hat Enterprise Linux (RHEL) Is Not Free, And It's Because of IBM
software freedom just 'gets in the way'
Under IBM, in Order to Game the Stock Market, Red Hat Resorted to Boosting the Biggest Ponzi Scheme in Human History
This is what IBM turned Red Hat into
Revision handed Microsoft the keys to the distortion of the past/history
This isn't the first time The Register MS rewrites computing history in Microsoft's favour, as we pointed out several times in past years
What Will Happen to GAFAM After the US Defaults Rather Than Bails Out the Market?
Or tries to topple every government that doesn't play by its rules?
EPO People Power - Part XXXIV - Bad Optics for the European Union (for Failing to Act and Tolerating Cocaine Use in Europe's Second-Largest Institution)
There are principles in laws which tie awareness with complicity
EPO's Central Staff Committee is Now Redacting (Self-Censoring) Due to Threats From the EPO "Mafia"
"On the agenda: salary adjustment procedure for 2025 (as of January 2026)"
"AI" (Slop) 'Demand' Isn't Growing, It's Fake, It's a Pyramid Scheme
They try to resort to 'creative' accounting (fraudulent schemes like circular financing)
Difficult Times at IBM and Microsoft Ahead of Mass Layoffs (Probably Before This Month's Results Unless Postponed to 'Prove' Rumours 'Wrong')
IBM and Microsoft used to be tech giants. Nowadays they mostly pretend by pumping up their stock and buying back their own shares.
Canonical: Make Ubuntu Bloated (Debian With Snaps), Then Sell the 'Debloated' Version for a Fee
If people want a light distro, then they ought not pay Canonical but instead choose a light (by design) GNU/Linux distro
People Don't Want "Just Enough", They'll Look for Quality
That's why slopfarms will go away or become inactive
Gemini Links 14/01/2026: 3D and Tiny Traffic Lights Pack
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 13, 2026
IRC logs for Tuesday, January 13, 2026
Slop Waning Whilst Originals Perish
Slop is way past its "prime"
XBox's 'Major Nelson' Loses His Job Again, This Time in a Microsoft Mono Pusher
Microsoft hasn't much of a future in gaming. XBox's business is in rapid decline and people who push Mono to game developers are the same