Bonum Certa Men Certa

Security Emergency at Microsoft, All Windows Users Are Vulnerable for Now

Windows users can cut the Internet cable to feel more secure


Summary: Every version of Windows is open to attack which has already targeted very many users and no patches are available yet

MICROSOFT HAD MANY security issues last month. We covered many of them over the course of the past fortnight, but here are some newer items and items which we missed.

Some while ago Microsoft discovered a very major zero-day flaw, which made a lot of headlines including this one where Microsoft is shown to be confirming the problem.

Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.

"Microsoft Acknowledges Windows Shell Vulnerability," says another article from around the same time. "Microsoft Warns Of Attacks Exploiting Windows Shell Flaw," alerts CRN. This is an emergency which, according to OpenBytes begs for a vulnerability patch on Monday. For how many consecutive months must such embarrassments happen? Also in the news:

According to this new report, Microsoft's bad patches, which even Microsoft partners are scared to apply, leave many Windows installations unpatched and thus totally vulnerable on a permanent basis. Microsoft pulls support (as in security patches) for older versions of Windows (Windows 2000 and soon Windows Server 2003) and since upgrades are not free when it comes to Windows, more people are expected to have vulnerable machines. To Microsoft, it's just a business decision. When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.

“When it comes to Windows 2000, Microsoft has neglected it security-wise longer than it's legally allowed.”Microsoft is largely a PR company, so needless to say it has ways of downlplaying the severity of such issues, which may have made one in two Windows PCs a zombie PC (since 2008).

As evidence of Microsoft's PR crusade, look no further than the latest Microsoft Imagine Cup rubbish [1, 2, 3, 4, 5]. It's Microsoft advertising and it's a way of making the monopolist look like it is loved by children. It's an attempt to change the company's image and similar stunts currently come from Microsoft Malaysia. But that's another story for another day. The point we are trying to make here is that no matter how serious Microsoft's security problems are, it will always do lots of PR work to silence reporters. We have documented cases where Microsoft unleashes PR people at journalists (regarding Vista security) and in last month's news we found "Irvine PR firm honored for work related to Microsoft patches". Watch the body of this article:

Madison Alexander was honored for the agency's work on behalf of its client, Shavlik Technologies. By consistently positioning Shavlik as an expert on Patch Tuesdays – when Microsoft Corp. releases software security updates once a month on a Tuesday – the firm delivered "prominent references" to Shavlik in media coverage of Patch Tuesdays, according a statement from Madison Alexander.

Juniper, which is run by several Microsoft executives, seem to be trying something similar with occasional press releases that are consistent with the same template.

“Microsoft's security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do”This just shows how 'independent' the press really is and why. It's all distorted by PR, but the PR happens behind the scenes (the back end, so to speak). "atom42 Tops Agency Leaderboard in Microsoft Competition," says the headline of this new press release. "In a recent competition run by Microsoft to promote recently improved ‘decision engine’ Bing, online marketing agency atom42 outperformed larger rivals to win ‘blingin’ prizes." Awww... wonderful!

Microsoft's security problems are not helped by disgruntled groups whom Microsoft is pushing to behave as they do [1, 2]. It is only making things worse because they take revenge and put all Windows users at risk. This is where Microsoft's attitudinal problem (arrogance and power games [1, 2, 3]) contributes to lack of security in its products. Some security experts are even leaving Microsoft. New example:

Security researcher and former Microsoft gadfly Marc Maiffret has returned to the company he started when he was a teenager, eEye Digital Security.

Until Microsoft's emergency security patch arrives everyone who uses Windows is at risk of being assembled into a botnet, "Experts predict extensive attacks of Windows zero-day," says this report, noting that "Security organizations... raised Internet threat levels to warn users that they expect widespread attacks using exploits of a just-acknowledged critical bug in all versions of Windows."

That's right, all versions are affected, Vista 7 included. A while ago Microsoft said that 25,000 PCs were attacked with the latest Windows zero-day flaw (the number is now higher) and it investigated issues it could prevent by simply changing its internal culture.

"Fuck! It took you a year to figure that out!"

--Bill Gates

"That’s the dumbest fucking idea I’ve heard since I’ve been at Microsoft."

--Bill Gates

Recent Techrights' Posts

Links 23/04/2024: US Doubles Down on Patent Obviousness, North Korea Practices Nuclear Conflict
Links for the day
Stardust Nightclub Tragedy, Unlawful killing, Censorship & Debian Scapegoating
Reprinted with permission from Daniel Pocock
Richard Stallman's Next Public Talk is on Friday, 17:30 in Córdoba (Spain), FSF Cannot Mention It
Any attempt to marginalise founders isn't unprecedented as a strategy
Volunteers wanted: Unknown Suspects team
Reprinted with permission from Daniel Pocock
Debian trademark: where does the value come from?
Reprinted with permission from Daniel Pocock
Detecting suspicious transactions in the Wikimedia grants process
Reprinted with permission from Daniel Pocock
Gunnar Wolf & Debian Modern Slavery punishments
Reprinted with permission from Daniel Pocock
On DebConf and Debian 'Bedroom Nepotism' (Connected to Canonical, Red Hat, and Google)
Why the public must know suppressed facts (which women themselves are voicing concerns about; some men muzzle them to save face)
Several Years After Vista 11 Came Out Few People in Africa Use It, Its Relative Share Declines (People Delete It and Move to BSD/GNU/Linux?)
These trends are worth discussing
Canonical, Ubuntu & Debian DebConf19 Diversity Girls email
Reprinted with permission from
Links 23/04/2024: Escalations Around Poland, Microsoft Shares Dumped
Links for the day
Gemini Links 23/04/2024: Offline PSP Media Player and OpenBSD on ThinkPad
Links for the day
Amaya Rodrigo Sastre, Holger Levsen & Debian DebConf6 fight
Reprinted with permission from
DebConf8: who slept with who? Rooming list leaked
Reprinted with permission from
Bruce Perens & Debian: swiping the Open Source trademark
Reprinted with permission from
Ean Schuessler & Debian SPI OSI trademark disputes
Reprinted with permission from
Windows in Sudan: From 99.15% to 2.12%
With conflict in Sudan, plus the occasional escalation/s, buying a laptop with Vista 11 isn't a high priority
Anatomy of a Cancel Mob Campaign
how they go about
[Meme] The 'Cancel Culture' and Its 'Hit List'
organisers are being contacted by the 'cancel mob'
IRC Proceedings: Monday, April 22, 2024
IRC logs for Monday, April 22, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Don't trust me. Trust the voters.
Reprinted with permission from Daniel Pocock
Chris Lamb & Debian demanded Ubuntu censor my blog
Reprinted with permission from
Ean Schuessler, Branden Robinson & Debian SPI accounting crisis
Reprinted with permission from
William Lee Irwin III, Michael Schultheiss & Debian, Oracle, Russian kernel scandal
Reprinted with permission from
Microsoft's Windows Down to 8% in Afghanistan According to statCounter Data
in Vietnam Windows is at 8%, in Iraq 4.9%, Syria 3.7%, and Yemen 2.2%
[Meme] Only Criminals Would Want to Use Printers?
The EPO's war on paper
EPO: We and Microsoft Will Spy on Everything (No Physical Copies)
The letter is dated last Thursday
Links 22/04/2024: Windows Getting Worse, Oligarch-Owned Media Attacking Assange Again
Links for the day
Links 21/04/2024: LINUX Unplugged and 'Screen Time' as the New Tobacco
Links for the day
Gemini Links 22/04/2024: Health Issues and Online Documentation
Links for the day
What Fake News or Botspew From Microsoft Looks Like... (Also: Techrights to Invest 500 Billion in Datacentres by 2050!)
Sededin Dedovic (if that's a real name) does Microsoft stenography
Stefano Maffulli's (and Microsoft's) Openwashing Slant Initiative (OSI) Report Was Finalised a Few Months Ago, Revealing Only 3% of the Money Comes From Members/People
Microsoft's role remains prominent (for OSI to help the attack on the GPL and constantly engage in promotion of proprietary GitHub)
[Meme] Master Engineer, But Only They Can Say It
One can conclude that "inclusive language" is a community-hostile trolling campaign
[Meme] It Takes Three to Grant a Monopoly, Or... Injunction Against Staff Representatives
Quality control
[Video] EPO's "Heart of Staff Rep" Has a Heartless New Rant
The wordplay is just for fun
An Unfortunate Miscalculation Of Capital
Reprinted with permission from Andy Farnell
[Video] Online Brigade Demands That the Person Who Started GNU/Linux is Denied Public Speaking (and Why FSF Cannot Mention His Speeches)
So basically the attack on RMS did not stop; even when he's ill with cancer the cancel culture will try to cancel him, preventing him from talking (or be heard) about what he started in 1983
Online Brigade Demands That the Person Who Made Nix Leaves Nix for Not Censoring People 'Enough'
Trying to 'nix' the founder over alleged "safety" of so-called 'minorities'
[Video] Inauthentic Sites and Our Upcoming Publications
In the future, at least in the short term, we'll continue to highlight Debian issues
List of Debian Suicides & Accidents
Reprinted with permission from
Jens Schmalzing & Debian: rooftop fall, inaccurately described as accident
Reprinted with permission from
[Teaser] EPO Leaks About EPO Leaks
Yo dawg!
On Wednesday IBM Announces 'Results' (Partial; Bad Parts Offloaded Later) and Red Hat Has Layoffs Anniversary
There's still expectation that Red Hat will make more staff cuts
IBM: We Are No Longer Pro-Nazi (Not Anymore)
Historically, IBM has had a nazi problem
Bad faith: attacking a volunteer at a time of grief, disrespect for the sanctity of human life
Reprinted with permission from Daniel Pocock
Bad faith: how many Debian Developers really committed suicide?
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 21, 2024
IRC logs for Sunday, April 21, 2024
A History of Frivolous Filings and Heavy Drug Use
So the militant was psychotic due to copious amounts of marijuana
Bad faith: suicide, stigma and tarnishing
Reprinted with permission from Daniel Pocock
UDRP Legitimate interests: EU whistleblower directive, workplace health & safety concerns
Reprinted with permission from Daniel Pocock