
Security Emergency at Microsoft, All Windows Users Are Vulnerable for Now

Windows users can cut the Internet cable to feel more secure




Summary: Every version of Windows is open to an attack which has already targeted very many users, and no patches are available yet

MICROSOFT HAD MANY security issues last month. We covered many of them over the course of the past fortnight, but here are some newer items and items which we missed.



Some while ago Microsoft discovered a very major zero-day flaw, which made a lot of headlines including this one where Microsoft is shown to be confirming the problem.

Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.


"Microsoft Acknowledges Windows Shell Vulnerability," says another article from around the same time. "Microsoft Warns Of Attacks Exploiting Windows Shell Flaw," alerts CRN. This is an emergency which, according to OpenBytes, begs for a vulnerability patch on Monday. For how many consecutive months must such embarrassments happen? Also in the news:



According to this new report, Microsoft's bad patches, which even Microsoft partners are scared to apply, leave many Windows installations unpatched and thus totally vulnerable on a permanent basis. Microsoft pulls support (as in security patches) for older versions of Windows (Windows 2000 and soon Windows Server 2003) and since upgrades are not free when it comes to Windows, more people are expected to have vulnerable machines. To Microsoft, it's just a business decision. When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.

Microsoft is largely a PR company, so needless to say it has ways of downplaying the severity of such issues, which may have made one in two Windows PCs a zombie PC (since 2008).

As evidence of Microsoft's PR crusade, look no further than the latest Microsoft Imagine Cup rubbish [1, 2, 3, 4, 5]. It's Microsoft advertising and it's a way of making the monopolist look like it is loved by children. It's an attempt to change the company's image and similar stunts currently come from Microsoft Malaysia. But that's another story for another day. The point we are trying to make here is that no matter how serious Microsoft's security problems are, it will always do lots of PR work to silence reporters. We have documented cases where Microsoft unleashes PR people at journalists (regarding Vista security) and in last month's news we found "Irvine PR firm honored for work related to Microsoft patches". Watch the body of this article:

Madison Alexander was honored for the agency's work on behalf of its client, Shavlik Technologies. By consistently positioning Shavlik as an expert on Patch Tuesdays – when Microsoft Corp. releases software security updates once a month on a Tuesday – the firm delivered "prominent references" to Shavlik in media coverage of Patch Tuesdays, according to a statement from Madison Alexander.


Juniper, which is run by several Microsoft executives, seems to be trying something similar with occasional press releases that are consistent with the same template.

This just shows how 'independent' the press really is and why. It's all distorted by PR, but the PR happens behind the scenes (the back end, so to speak). "atom42 Tops Agency Leaderboard in Microsoft Competition," says the headline of this new press release. "In a recent competition run by Microsoft to promote recently improved ‘decision engine’ Bing, online marketing agency atom42 outperformed larger rivals to win ‘blingin’ prizes." Awww... wonderful!

Microsoft's security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do [1, 2]. It is only making things worse because they take revenge and put all Windows users at risk. This is where Microsoft's attitudinal problem (arrogance and power games [1, 2, 3]) contributes to a lack of security in its products. Some security experts are even leaving Microsoft. New example:

Security researcher and former Microsoft gadfly Marc Maiffret has returned to the company he started when he was a teenager, eEye Digital Security.


Until Microsoft's emergency security patch arrives, everyone who uses Windows is at risk of being assembled into a botnet. "Experts predict extensive attacks of Windows zero-day," says this report, noting that "Security organizations... raised Internet threat levels to warn users that they expect widespread attacks using exploits of a just-acknowledged critical bug in all versions of Windows."

That's right, all versions are affected, Vista 7 included. A while ago Microsoft said that 25,000 PCs were attacked with the latest Windows zero-day flaw (the number is now higher) and it investigated issues it could prevent by simply changing its internal culture.

"Fuck! It took you a year to figure that out!"

--Bill Gates



"That’s the dumbest fucking idea I’ve heard since I’ve been at Microsoft."

--Bill Gates


