Bonum Certa Men Certa

Windows 'Update' and NSA Back Doors, Including a 19-Year Bug Door in Microsoft Windows

Summary: The back doors-enabled Microsoft Windows is being revealed and portrayed as the Swiss cheese that it really is after massive holes are discovered (mostly to be buried by a .NET propaganda blitz)

Windows 'Update', which essentially translates into Microsoft manipulating binaries on people's machines without any changelog (at least not in source code form), is making the news again this month. Windows 'Update' is happening quite often (a monthly recurrence), but this time there is a lot to say about it.



The British NHS, which holds full medical records of very many individuals, recently received a lot of flack for sticking with an unsupported operating system that was released when I was a teenager instead of upgrading to recently-built Free software like GNU/Linux. Guess what happened to the NHS? "NHS XP patch scratch leaves patient records wide open to HACKERS" says the British press, meaning that not only the NSA gets access to NHS data:

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal.


Another story of a botched update of Windows says that "Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud":

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft's Windows Update mechanism.


That's what one gets when using weak ciphers that the NSA promotes and Microsoft willingly spreads. Windows Update is a dangerous tool for many reasons not just because it is bricking Linux devices these days but because it's a tool that gives the NSA a lot of power. Before an update kicks in the NSA is given information that allows it to take full control of PCs with Windows, remotely even (this is done every month). This may sound benign until one learns about Stuxnet (weaponised malware of the NSA) and considers this latest Patch Tuesday:

Microsoft is issuing the largest number of monthly security advisories since June 2011, five of them critical and affecting all supported versions of Windows. And applying the patches will be time consuming, experts say.

“Next week will tell us how many CVEs are involved but suffice to say, this patch load will be a big impact to the enterprise,” says Russ Ernst, the director of product management for Lumension.


CBS, being not just a proponent of espionage, mass surveillance, assassination and violent wars but also a proponent of back doors, had its site ZDNet downplay the above. "So far in calendar year 2014," it said, "Microsoft has fixed 215 vulnerabilities in Internet Explorer" (lots of potential NSA back doors). Then come some lame excuses and damage control from Microsoft in the update, trying to make its bad record look like a positive, neglecting that fact that Microsoft has been secretly patching holes to yield fake numbers and give a false sense of security. Here is the full summary:

So far in calendar year 2014, Microsoft has fixed 215 vulnerabilities in Internet Explorer, with more coming out today. There have been security updates to Internet Explorer every month this year except for January.


This other report, titled "Potentially catastrophic bug bites all versions of Windows. Patch now", does not entertain the possibility of back/bug doors in Microsoft Windows being exploited, despite that fact that Microsoft already told the NSA (prodifing exploit knowledge), which undoubtedly engages in illegal intrusions/cracking. A report from IDG notes that this bug is nearly two decades old and add that only "[w]ith help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades. "

"How many times might this flaw have been exploited by now?"So IBM, despite having no access to source code (as far as we can tell), was perhaps the only reason why Microsoft addressed this issue two decades late, eh? How many times might this flaw have been exploited by now? A reader of us, alluding to that nonsense .NET PR, explains: "Perhaps a big reason for the PR teams trumpeting the open-core or freemium model?"

It sure serves as a good distraction. When Windows XP support (patches) came to an end a Microsoft-connected firm immediately (on the very same day) started throwing brands and logos in relation to an OpenSSL bug, stealing the show and spreading FUD for many months, generalising it so as to appear like a serious, inherent issue in FOSS.

Watch this critical remote code execution flaw in Windows. It is extremely serious, but there is no logo or brand for it (unlike FOSS FUD like "Heartbleed" or "Shellshock" -- with a brand that was even perpetuated by the Russia-based Mandriva the other day).

Recent Techrights' Posts

Michael “Monty” Widenius: It Started in 1983 With Richard Stallman (RMS)
The other co-founder of MySQL is a bit notorious for confronting RMS rather viciously
For the Second Time in a Few Weeks Microsoft Lunduke Makes False Accusations Against Senior Red Hat Staff to Incite a Despicable 'Troll Army'
Nothing that Microsoft Lunduke claims of says can be trusted
 
Links 03/10/2025: Lawyers Caught Using LLM Slop Explain Why They Did It, LibreSSL 4.1.1 and 4.0.1 Released
Links for the day
FSF Board Grew 50% Since Last Year, Has New President, Turns 40 in Two Days
It's a good move for the FSF and - by extension - for software freedom
Links 03/10/2025: Conflicts, Death of TypePad, and TikTok/CheeTok Gives a Boost to Far Right Groups in Europe
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 02, 2025
IRC logs for Thursday, October 02, 2025
Slopwatch: Linux Journal, Google News, and LinuxSecurity
They carry on polluting the Web with fake articles
Gemini Links 02/10/2025: Kubernetes With FreeBSD and robots.txt
Links for the day
Links 02/10/2025: 'Open' 'AI' Resorting to Gimmicks and Fake Funding, Europe’s ‘Drone Wall’ Discussed
Links for the day
Links 02/10/2025: Brave Passes 100M Users Milestone, Kodak Selling Its Own Film Again
Links for the day
su lisa && rm -rf /home/ibm/power
Novell was ruined by another person from IBM, Ronald Hovsepian
A Record Demand at Microsoft: Demand to Cancel
What we're witnessing is a very ungraceful destruction of XBox
Microsoft is Losing Europe
Hence all the "support" and "discount" offers that are limited to Europe
The Free Software Foundation Starts Fund-raising for 40th Anniversary
New pop-up 2-3 days ahead of the 40th anniversary event
Systemd Breaks Networking in Debian and Microsoft Staff Rushes to Make Face-Saving Excuses in LWN
Microsoft's bluca is already there in the comments, his Microsoft money pays for LWN to let him leave comments early
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 01, 2025
IRC logs for Wednesday, October 01, 2025
What the End of XBox Will Look Like: a Fiery Crash
XBox is the next Skype. It won't last much longer. Expect many more layoffs.
Richard Stallman is Going to Finland to Give a Talk Next Thursday
A day later he speaks in Sweden
Gemini Links 02/10/2025: SMTP Pipelining and End of ROOPHLOCH 2025
Links for the day
Slopwatch: Plagiarism, Fake Articles, and FUD About Linux
not a day goes by without Google News feeding FUD from slopfarms
Gemini Links 01/10/2025: Chat Control and End of Life
Links for the day
Links 01/10/2025: Long Covid Risk Reiterated, "Bitcoin Queen" Caught
Links for the day
Links 01/10/2025: EA $55 Billion Deal is Debt and Slop "Raises Vishing Risks"
Links for the day
Bluewashing at Red Hat Means Redundancies
The man who sold Red Hat to IBM meanwhile became a Microsoft Mono booster
After Killing OpenSource.com, IBM ('Red Hat') and OSI Told Us OpenSource.net Would Replace It (But That Didn't Happen)
Now it's time to move on, perhaps tarnishing the "Open Source" label some more (for whatever sponsor wants this)
Linux is Not a Community Project, It's a Wall Street Product
The core goal should be freedom
Bad Actors Abusing the Free Software Community, Vandalising It Using Rogue Politics and Old Tactics
Oil giants have long attempted to do this; now, the digital equivalent of Big Oil does this in technology
Social Control Media Isn't the Future, The Federation or Fediverse Isn't Growing, People's Accounts Vanish for Good
users' accounts will get deleted, not just become inactive
IBM is Failing, This Helps Show Wall Street is Entirely Detached From Actual Commercial Performance
IBM is unable to grow, it's just constantly shrinking
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 30, 2025
IRC logs for Tuesday, September 30, 2025
Clerical Aspects of Publishing and Development
In Free software, the management aspects are considerably reduced
Slopwatch: Fake Articles and Google News Promoting "Linux" Spam or Bot-Generated Fear, Uncertainty, Doubt (FUD)
These slopfarms help misplace blame
Third Wave of Microsoft Layoffs in September, This Time Many in Liverpool Affected
Be ready for more waves of layoffs ahead of the so-called "results" in late October