Bonum Certa Men Certa

Microsoft Security Worse Than Ever, All Windows Users Still Vulnerable

Grunge cover



Summary: Code red for Microsoft as just days after an "emergency" patch comes the largest-ever patchset and all versions of Windows still seem to be left open for attackers

LAST WEEK was an emergency week for Windows users [1, 2, 3], all of whom were left vulnerable to hijacking due to Microsoft's incompetence. Here is just one more article about it:

An emergency Windows software update will close a loophole in Microsoft’s operating system that makes it easy for hackers to take control of a computer using shortcuts


Have things truly improved after this emergency patch? Don't bet on it. Microsoft is breaking new records in this Tuesday's security update, which is said to plug 34 holes:

Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.


There is a lot more coverage about this [1, 2, 3, 4, 5, 6, 7, 8, 9] as "Microsoft [is] to issue record number of security bulletins next Tuesday" [via].

For those who think that 34 holes is the correct number, think again. Microsoft is patching its software silently and unethically so as to fake numbers that its employees decrease by hiding some of the applied fixes. In other words, Microsoft is knowingly lying and giving fake numbers. Previously we wrote about how Microsoft also spurned researchers who had warned about security flaws in Windows [1, 2, 3]. Microsoft is trying to make up after the Microsoft-Spurned Researcher Collective had been created and "TippingPoint's ZDI sets a 6-month deadline on vendors to encourage faster patching," according to this report. There is more information about it here.

Microsoft's problems are not over and all Windows users continue to be vulnerable to attacks (even after Patch Tuesday) because:

1. Unpatched kernel-level vuln affects all Windows versions

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.


2. Microsoft probes new Windows kernel bug

3. Unpatched Vulnerability in All Windows Versions Claimed

4. Kernel-level Vulnerabilities Hit All Windows Versions

Microsoft on Friday announced to have launched an investigation into kernel-level vulnerability hitting Windows. As per reports, all versions of the Microsoft OS have been engulfed by the bug, including the heavily fortified Windows 7.


We wrote about this in a previous post. Rather than security improving over time, Microsoft seems to be getting worse and the number of holes is increasing.

Comments

Recent Techrights' Posts

Helping Microsoft 'Hijack' Developers (to Make Them Work for Microsoft, Not the Competition)
VS Code is proprietary spyware of Microsoft. Jack Wallen keeps promoting its use.
 
Outreachy, GSoC-mentors & Debian-Private may soon become public records in federal court
Reprinted with permission from Daniel Pocock
Links 28/02/2024: Many War Updates and Censorship
Links for the day
Gemini Links 28/02/2024: Social Control Media Notifications and Gemini Protocol Extended
Links for the day
Links 28/02/2024: Microsoft the Plagiarist is Projecting, Food Sector Adopts Surge Pricing
Links for the day
Gemini Links 28/02/2024: Groupthink and the 'Problem' With Linux
Links for the day
Android Rising (Windows Down to All-Time Lows, Internationally)
This month was a bloodbath for Microsoft
HexChat Looks for Successors to Keep IRC Growing
IRC is far from dead
[Meme] Just Make Him Happy
Y U no produce more monopolies?
End of a Long February
top 10 posts
[Meme] The EPO's Relationship With Patent Examiners
Nobody is "safe"
New Pension Scheme (NPS) at the European Patent Office Explained at the General Assembly
Investing in the future, or...
Donald Trump & FSFE Matthias Kirschner election denial
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 27, 2024
IRC logs for Tuesday, February 27, 2024
Links 27/02/2024: PlayStation Layoffs and More Oppressive New Laws for Hong Kong
Links for the day
Gemini Links 27/02/2024: Facebook as Containment Field and Depression Driven Development (DDD)
Links for the day
They're Adding Warnings Now: The Site "It's FOSS" is Not FOSS
It's better that they at least explicitly state this
Links 27/02/2024: Nevada Versus End-To-End Encryption, Birmingham Bankrupt
Links for the day
End of an Era
The Web isn't just filled with marketing spam but actual disinformation
[Meme] Onboarding New EPO Staff
You read the patent application and grant within hours
The Legacy Prolific Writers Leave Behind Them
"Free Software Credibility Index" after more than 15 years
The Ongoing Evolutionary Process of News-Reading (or News-Finding) on the World Wide Web
it gets worse
Phoronix in Google News
congratulating or welcoming Embrace, Extend, Extinguish (E.E.E.)
Google Fired Many Employees Working on Google News (Which Had Deteriorated and Became Gulag Noise, Littered and Gamed by Blogspam, Plagiarism, and Chatbot/Translator-Generated Spew), Now Comes the Likely 'Phase-out'
No wonder many yearn for the days of DMOZ and Web directories in general
IRC Proceedings: Monday, February 26, 2024
IRC logs for Monday, February 26, 2024
Over at Tux Machines...
GNU/Linux news for the past day
"It's Obvious There's No Future For Any of Us from Blizzard at Microsoft"
The rumours suggest that more Microsoft layoffs are on the way
[Meme] Who's the Boss?
"I thought EPC governed the Office"
Salary Adjustment Procedure (SAP) at the EPO and Why Workers' Salary is Actually Decreasing Each Year (Currency Loses Its Purchasing Power)
outline and update on a years-old blunder
Exposed: FSFE, Legal & Licensing Workshop (LLW), Legal Network & Modern Slavery
Reprinted with permission from Daniel Pocock