Bonum Certa Men Certa

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Microsoft lies



Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT'S official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft's silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft's claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.



Microsoft Official Admits to Quiet Security Patching



Microsoft doesn't report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

"We don't document every issue found," Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company's corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.


Finally. Thanks for the honesty. So how much damage has been caused by Microsoft's lies so far. Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It's the art of lying without practically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe hasn't a long history of systematic lying, unlike Microsoft.

"Microsoft smacks patch-blocking rootkit second time," says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.


Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin's claims, but hinted that Microsoft wouldn't be patching IE anytime soon. "I wouldn't classify this as a 'vulnerability' though," Bryant said in an e-mail answer to questions.


The followup says:

Will browser makers patch this? Unlikely. Microsoft's Jerry Bryant, a general manager at the company's security response center, said the issue isn't a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that's the way browsers work.

"Working with [Raskin's] proof-of-concept, as written, is expected," he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.


Let's remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what it happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city's website twice in the past week.


If Microsoft gets involved, then it almost must be a Windows server.

Comments

Recent Techrights' Posts

There Are Also Loads of Microsoft LinkedIn Layoffs Today (Keep Track of the Subsidiaries They Keep Out of Headlines)
Perhaps lost in the smokescreen
There Are Bigger Rounds of Microsoft Layoffs Coming, a Cull of 10% Implemented in Waves (the "3%" Figure is Misleading, Face-Saving)
Last night we said they might do the layoffs in three or at least two waves
Unless a Third of All Microsoft Layoffs Worldwide Are in Redmond (Washington) Alone, Microsoft Has Just Lied to Everyone Via Jordan Novet in CNBC (i.e. the Usual Any Time There's Mass Layoffs and Novet Weighs in With False Numbers)
Maybe when Microsoft said 3% it meant ~6,000 or more in the US alone
As Expected, Microsoft Uses Media Operative (Jordan Novet) to Downplay the Scale of Mass Layoffs
here we go
 
Gemini Links 14/05/2025: "Writing My Story with Inspiration from Notable Lives" and People Start Shovelling Up LLM Slop Onto Geminispace,
Links for the day
Microsoft is Very Highly Stressed About Adoption of GNU/Linux at Windows' Expense (on Former "Vista 10" PCs)
What does this tell us?
Slopwatch: BetaNoise (BetaNews), LinuxSecurity, and Slopfarms Still Promoted by Google News
The primary goal is to demonstrate the problem persists
Links 14/05/2025: Google Agrees to $1.3 Billion Settlement After Spying, China Tariffs Don't Work
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 13, 2025
IRC logs for Tuesday, May 13, 2025
Gemini Links 13/05/2025: Apocalyptic Future and More
Links for the day
McKinsey (McK) is Killing IBM, It's All About Killing This Goose, "National Sales Team 80% on PIP Now" (Preceding Layoffs Without Severance)
PIPs are not based on performance
Links 13/05/2025: Microsoft Breaks Windows Very Badly Again, Mass Layoffs Reported (But False Figures, It's a Lot Higher)
Links for the day
2025 Will be a Big Year For GNU/Linux on Desktops/Laptops
with an economy like this, people who don't live in rich countries won't turn to Apple
Signs of Trouble: Microsoft Job Openings for Jobs That Do Not Exist!
Keeping up appearances?
"Special Place in Hell" for Women Who Help Violent Microsofters From Another Continent Attack Local Women Who Did Nothing Wrong, They Just Got Bullied and Deserve Sympathy or Compensation
Nothing says "Brat" like men who attack women, right?
The Numbers Game: 50,000-60,000 Microsoft Workers Laid Off in 2.5 Years? And Debt Still Tripled Under Nadella.
under Nadella Microsoft's debt trebled
The Slow Death of Windows Will Mean the Inevitable Demise of Microsoft
Once people stop using Windows, it'll be hard for Microsoft to sell anything to them
Last Week's Public Talk by Richard Stallman Well Attended and Covered in Technical News Sites
and we're looking at about 60,000 Microsoft layoffs in 3 years
Gemini Links 13/05/2025: Shopping is an Exasperating Nightmare and Making Phones Minimal
Links for the day
23,000 More Microsoft Layoffs by the End of June If the Estimates Are Correct (In Addition to About 6,000 Layoffs So Far This Year)
There's no questions about many layoffs happening this month. It got leaked already. The only question is when (and also how many).
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 12, 2025
IRC logs for Monday, May 12, 2025
Major Microsoft Layoffs This Week (Discussed Online)
later we can expect a lot of spin, even misinformation
What Happened to the Open Source Initiative (OSI) Elections: Missed Deadline
they helped expose a number of other scandals
Links 12/05/2025: Measles Rising and Taliban Outlaws Chess in Afghanistan
Links for the day
Gemini Links 12/05/2025: Advice, Iorist Ethics, and Touchscreens
Links for the day
The Finances of GAFAM Aren't as They Seem
MICROSOFT FINANCIAL PYRAMID revisited
Links 12/05/2025: US Brain Drain and Reminder That "Microsoft's Lobbying Efforts Eclipsed Enron" (Fraud Coverup)
Links for the day
The Enshittification of Royal Mail (Post Office/Postal Services) Continues
Enshittification is a thing, not only in the digital realm
Red Hat's Owner is Called "America's Worst Tech Company" (IBM) and Microsoft's Liabilities Grow
Microsoft has about a quarter of a trillion (yes, trillion with a "T") in liabilities
If the Gossip is True, Today Microsoft Has "Large M1 Meetings" to Discuss Almost 30,000 More Microsoft Layoffs in 2025
the claim is that Microsoft is preparing to lay off 10% of its staff
Microsoft Has a Long and Proven History of Funding Meritless Lawsuits Against Rivals and Critics (It Always Backfires)
It also looks like the solicitor used by two Microsofters to SLAPP us is being urgently replaced
Links 12/05/2025: Gardens and Kitchens
Links for the day
Links 12/05/2025: Media Being Attacked (New Forms of Attack on the Press), Many Data Breaches
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 11, 2025
IRC logs for Sunday, May 11, 2025