Bonum Certa Men Certa

Microsoft Finally Admits Numbers of Vulnerabilities It Reports Are Fake

Microsoft lies



Summary: Mike Reavey, the director of the Microsoft Security Response Center, admits that Microsoft is silently patching vulnerabilities without ever reporting the problem

IT'S official. Microsoft is a liar. Again. Now there is even admission from Microsoft, confirming an issue which we first raised some weeks ago. Whenever Microsoft says it patches x number of flaws with y number of patches/bulletins, Microsoft ought to be assumed to be lying. Microsoft's silent patching is a subject we have been covering for years and it helps explain why one in two Windows PCs is believed to be a zombie PC, despite Microsoft's claims that all of its flaws are being addressed. All those fake comparisons against platforms like Red Hat Enterprise Linux (where Microsoft stacks up and aggregates numbers of flaws) can be thrown into the wastebasket. If convincing proof is needed, here it is. Microsoft first tried to spin it (for weeks) and now it gives up and tells the truth.



Microsoft Official Admits to Quiet Security Patching



Microsoft doesn't report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

"We don't document every issue found," Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company's corporate headquarters in Redmond, Washington.

Microsoft will issue a Common Vulnerabilities and Exposures (CVE) number to a vulnerability for flaws that share the same severity, have an attack vector and a workaround. If several flaws share all the same properties, they will not be reported separately, Reavey said.

The nondisclosure of fixes was brought to light early this month by a company called Core Security Technologies. After studying the Microsoft patches MS10-024 and MS10-028, it noticed three silent fixes. Security bulletin MS10-028 addressed a flaw that would expose a user of Microsoft Visio to a buffer overflow attack, which would allow an attacker to take over control of the system.


Finally. Thanks for the honesty. So how much damage has been caused by Microsoft's lies so far. Microsoft has been denying this for years, but not exactly denying, either. It was spinning and avoiding the actual question. It's the art of lying without practically lying, just evading. Adobe is at least honest about its proprietary software being insecure garbage. As far as we are aware, Adobe hasn't a long history of systematic lying, unlike Microsoft.

"Microsoft smacks patch-blocking rootkit second time," says another new report from Gregg Keizer.

For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.


Here is another one (also here):

Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), said his team is looking into Raskin's claims, but hinted that Microsoft wouldn't be patching IE anytime soon. "I wouldn't classify this as a 'vulnerability' though," Bryant said in an e-mail answer to questions.


The followup says:

Will browser makers patch this? Unlikely. Microsoft's Jerry Bryant, a general manager at the company's security response center, said the issue isn't a security vulnerability per se, and that Internet Explorer (IE) falls for the scam because that's the way browsers work.

"Working with [Raskin's] proof-of-concept, as written, is expected," he said in an e-mail Tuesday when asked whether Microsoft had a fix in mind for IE.


Let's remember how much damage was caused this year because Microsoft had refused to patch known Internet Explorer flaws for five months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Where is the liability [1, 2, 3, 4, 5]? Watch what it happening in Denver right now.

Denver officials have asked the FBI, Denver police and Microsoft Corp. to help them identify the person or people who have hacked into the city's website twice in the past week.


If Microsoft gets involved, then it almost must be a Windows server.

Comments

Recent Techrights' Posts

Yes, Of Course the Linux Foundation's OpenSSF Rejects Open Source and GNU/Linux (New Report)
longstanding tradition
Links 10/12/2024: Nvidia's Regulatory Woes, Trust Issues in LLMs (and Similar Recent Hype)
Links for the day
Gemini Links 10/12/2024: Lagrange 1.18.4 Released, New RNG
Links for the day
More Chatbot 'Articles' About Chatbots
Look what's happening to the Web...
Microsoft Falls to All-Time Lows in Cameroon
Windows down to just 4.6%
Brittany Day Still Uses Bots to 'Write' Articles (But Not All the Time)
it leads to a presumption of plagiarism
Links 10/12/2024: Trying "Hey Hi" With New Hype and Buzzwords, TikTok Bans Imminent
Links for the day
Google's CEO: LLMs' ‘Low-Hanging Fruit’ Now Exhausted
They basically tell shareholders not to expect returns on this hype
Microsoft Windows Falls to 11% in Senegal, an All-Time Low
In neighbouring countries (to the east of Senegal) the "market share" of Windows is even lower
The EPO's Corrupt Dealings With Microsoft Never Addressed, Only Worsened
it helps Microsoft spy on the competition and manipulate examiners dealing with its files
The Catching of Luigi Mangione Shows We Need Not Have More Surveillance (Than We Already Have; It's Excessive Anyway)
instead of saying surveillance is insufficient and thus we need more of it, now they can claim they have enough of it
[Teaser] Fate of Formalities Officers (FOs) at the EPO
Coming soon
Libre Liberia: Windows Down to 8% in Liberia
In Liberia, only about 1 in 12 Web requests seems to originate from Windows
Links 10/12/2024: Health, Politics, Economics, and More
Links for the day
Gemini Links 10/12/2024: LLM Plagiarism and "Flow" Review
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 09, 2024
IRC logs for Monday, December 09, 2024
EPO Salaries Reduced: EPO's “Sustainability” Clause "Cuts the Average Overall Adjustment for Staff by –41,8%."
What does this all mean for staff?
Google is Nuking Remaining Invidious Instances Again, Hoping to Force Everyone to Use Proprietary Spyware With DRM
This issue started a few hours ago
Microsoft's Grip on Armenia is Slipping, According to New Data From statCounter
Notice what happened to Windows - an all-time low
[Meme] Sloppy Plagiarism Full of Errors, Lacking Actual Comprehension
LLMs are not "AI"
More LLM Spam/Slop About LLM Spam/Slop
This is what the Web will become unless we expose those who contribute to the problem
Reforming Versus Rebooting Versus Destroying Institutions
At the moment we strive to expose the truth or shine light on pertinent facts
Expose Corrupt Insurance Companies, Don't Kill People
Murder gives them sympathy, makes the raiders seem like the victims
Microsoft's Windows is Pretty Much Dead in Haiti
Android has eaten Microsoft's lunch, Microsoft can't even eat crow
[Teaser] EPO Management Thinks Inflation in Europe is 0.2% Per Annum
Taming inflation by entirely ignoring it is like wrongly assuming that climate change (caused by human activity) can be overcome by not studying the effect of 8+ billion humans on this finite planet
Corporate Media Will Be Discarded and Eventually Die If It Keeps Doing "Bill Gates Sez" (or Similar) Pieces Instead of Journalism
"Superintelligence" does not even mean anything!
This Week We Focus Again on European Patent Office (EPO) Scandals
Nothing can stop us, not even a party or SLAPP
Links 09/12/2024: Health Care Anger and Power Vacuum in Syria
Links for the day
Links 09/12/2024: Burned, Uncertain Future, and Failure
Links for the day
[Meme] Write Code, Not Social Control Media
don't forget to 'like'
Links 09/12/2024: UnitedHealthcare C.E.O.'s Killer Still Unknown, Syrian Regime Change Completed
Links for the day
Site in Support of Richard Stallman Reminds People of the FSF's and Stallman's Support of Women
new updates
Microsoft: Target the Young (Get 'Em While They're Young)
Then they say Free software advocates are "extremists" and "rude"...
As of December 8th (23 Days Remaining), the FSF (Free Software Foundation, Inc.) Already a Third of the Way Toward Ambitious Funding Goal
FSF's memberships (or donations) drive is going a lot better than we anticipated
Why Mike Magee Created and Was Involved in So Many News Sites About Technology
British legend
In Memory of Mike Magee (1949-2024) and Our Best Wishes to The Register, Which He Founded in the 1990s
Months have passed since Magee died
Tunisia is Android, Windows is Waning There
Windows was measured below 20% in Tunisia
[Meme] Jeff Bezos Working From Home
"B**** please, publish articles in Washington Post about how working from home sucks"
'Remote' (From Home) Tech Workers Are More Productive for a Lot of Reasons
The Bezos-owned media should disclose its conflict of interest here
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 08, 2024
IRC logs for Sunday, December 08, 2024
No Wonder Microsoft's LinkedIn and Github Have So Many Layoffs, Permanent Office Closures
Traffic down, losses, probably never going to profit
Microsoft Ends Support for Vista 10, So Relative Share of Vista 10 Goes Up, Vista 11 is Down
For 2 months in a row already
When Python is Basically Run by a 'Microsoft-Friendly' Mole Who Ousts People That Actually Contributed a Lot to Python for Many Years
Removing some of the best people
Microsoft's Latest 'Novel' Approach, Trying to Prevent People Moving Away From Microsoft and From Windows
ads say a lot about their business strategy
Syria: Microsoft Windows Down to 8% "Market Share" (It Was 99% Just 15 Years Ago)
it was even measured at less than 5% earlier this year
Microsoft-sponsored "The New Stack" Publishing Microsoft Windows Articles in "Linux" Clothing
Just sayin'...
Links 08/12/2024: Boeing Leaks and Bluesky’s Business Model Dilemma
Links for the day
Gemini Links 08/12/2024: UK Winds and Ultraviolet Grasslands (UVG)
Links for the day
Links 08/12/2024: Conflicts, Misinformation, and Gutting of the Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, December 07, 2024
IRC logs for Saturday, December 07, 2024