Bonum Certa Men Certa

More Critical Vulnerabilities in Vista 7, Windows Left Unsafe for Another Month

Global warming



Summary: Microsoft does not patch serious flaws (it only patches one "critical" flaw, even in Vista 7) and many people are knocked offline as a result of Microsoft negligence

AS Microsoft prepares to patch critical problems in Vista and Vista 7 next week, it seems apparent that:

  1. Microsoft continues to be knowingly negligent when it comes to security (also see [1, 2])
  2. The latest version of Windows is just as vulnerable as predecessors and some experts say it is even more vulnerable


Among the posts which demonstrate the second point:



Here is the latest demonstration of the first point -- that Microsoft is being negligent. From The Register:

Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.

[..]

That may lighten the load on IT admins, but it also means potentially serious vulnerabilities known to affect Internet Explorer 8 and Windows 7 will be allowed to fester for at least another 28 days.

As reported previously by El Reg, the IE 8 bug can enable attacks against people browsing websites that are otherwise safe to view. The flaw can be exploited to introduce XSS, or cross-site scripting, exploits on webpages, allowing attackers to inject malicious content and code. Ironically, it resides in a feature Microsoft added to harden the browser against that very type of attack.

[...]

Also remaining unfixed is a bug that allows an attacker to completely lock up systems running windows 7 and Windows 2008R2. The flaw, which resides in the OSes' SMB, or server message block, can be triggered remotely by sending malformed traffic that specifies incoming packets that are smaller or larger than they actually are. SMB is a network protocol used to provide shared access to files and printers.


More at IDG:

Microsoft Won't Fix Windows 7 Crash Bug Next Week



[...]

However, the company acknowledged that it does not yet have a fix for a crippling bug in Windows 7 that went public nearly two months ago.

The expected update will patch a vulnerability rated "critical" -- Microsoft 's most serious rating in its four-step scoring system -- in Windows 2000. The bug also affects Windows XP, Vista and Windows 7, as well as Windows Server 2003, Server 2008 and Server 2008 R2, but is tagged as "low" for those editions.


And more from the British news:

Websense warns on Microsoft rogue AV



Searches redirect to malicious sites


Here again is the latest consequence of having hundreds of millions of Windows zombie PCs out there.

About 30,000 customers of the Cheshire-based ISP Vispa were forced offline for almost 12 hours today by a DDOS attack traced to the Baltic state of Latvia.


That would be a whole day's work/leisure lost for approximately 30,000 customers (some of whom are entire families). What would the cost of this DDOS attack? Either way, Microsoft UK is profiteering from this (also outside the UK), almost always at the expense of taxpayers (externalities to them).

Recent Techrights' Posts

World Press Freedom Day: WIPO censors Debian suicide cluster
Reprinted with permission from Daniel Pocock
Links 07/05/2024: Pulitzer for Supreme Court Expose, New Threats to Media Reported
Links for the day
Berlin police declined to investigate FSFE Nazi comparisons
Reprinted with permission from Daniel Pocock
 
Only Weeks After Microsoft Closed Offices and Studios It is Closing Several More (Many Layoffs, Still Deeply Debt-Saddled)
When the sad news writes itself
Bolivarian Republic Of Venezuela: GNU/Linux Reaches 9% (ChromeOS Included)
Venezuela must have lost interest in some American proprietary software when users were locked out of their own data (Adobe) and the costs could no longer be justified
[Video] Microsoft is Like Big Oil, Big Tobacco, and Other Perpetrators of Fear, Uncertainty, Doubt/Fear-mongering
openwashing, Microsoft lobbying, and Microsoft subsidies (e.g. bailouts in the form of 'defence' contracts)
Security & Debian: Urgent: New Feed URLs after another WIPO censorship
Reprinted with permission from Daniel Pocock
Gemini Links 07/05/2024: Smashing Windows (Moving to GNU/Linux) and Mastodon Time-wasting
Links for the day
Links 07/05/2024: Cheap EVs and Cloudflare Layoffs
Links for the day
[Meme] Communities Governed by Parasitic Elements and Girlfriends (Who Can't Understand Those Communities)
Karen Sandler and Molly de Blanc present at DebConf18
[Meme] You Can't Kill an Idea (or Facts)
Thankfully, in Western societies, there's still due process, rule of law etc. You don't just hire assassins or imprison critics
[Meme] Software in the Public Interest (SPI), Inc, Values Articles of Daniel Pocock at ~$5,000 Each (and Fails to Hide the Facts)
we are laughing, not grieving
IRC Proceedings: Monday, May 06, 2024
IRC logs for Monday, May 06, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] About 2,564 Internet Sites Now at Risk of Hostile Takeover by Microsoft-Sponsored Software in the Public Interest (SPI)
WIPO censors Debian suicide cluster
Links 07/05/2024: Burning Plastic Waste, Facebook Censoring Politicians
Links for the day
Gemini Links 07/05/2024: Smashing Windows (Microsoft Losing Users to GNU/Linux), Sixty Years of BASIC
Links for the day
Southern Asia is All Android (Majority) Now
It's looking better (almost) every month
Windows Already Down to 1% "Market Share" in Some Countries
it is a dying breed
Tesla Has Become a Ponzi Scheme or a 'Meme Stock'
They tell us Tesla is "worth" almost twice as much as a company that sold about 30 times more cars
For People at Red Hat "Job is at Risk"
Red Hat is consulting some notorious firms to implement cuts
Linux.com Became Mostly Dead, de Facto Marketing Site of "Linux" Foundation Products (Unrelated to Linux)
what has happened to the authoritative domain Linux.com
Microsoft GitHub: A Hair Salon Where You Get Awards for Nothing (NFT Vanity)
People aren't defined by some private (proprietary) database and Microsoft does not universally "score" developers
In Europe, Android is Bigger Than Windows (Android Now Measured at 45.1% Worldwide)
Right now in statCounter...
Links 06/05/2024: Al Jazeera Raided, Wildfire Season Coming
Links for the day
On Character Assassination Tactics
The people who leverage these dirty politics typically champion projection tactics
Links 06/05/2024: Scams and Politics
Links for the day
Gemini Links 06/05/2024: Reading and Computers
Links for the day
United States Entering the $100 Trillion Debt Trap, We Compare GAFAM Debt
Google's debt is about 6 times less than Amazon's
GitLab's Losses Grew From $172,311,000 to $424,174,000 Per Annum
Letting this company have control over your (or your company's) development/code forge may cost you a lot in the future
statCounter's Latest: Android Bouncing to New All-Time Highs, Windows Down to Unprecedented Lows
Android rising
Can't Bear the Thought We're Happy and Productive
If someone is now harassing online friends, attacking the wife, attacking my family (not just attacking and defaming people I know online) there are legal ramifications
IRC Proceedings: Sunday, May 05, 2024
IRC logs for Sunday, May 05, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Erinn Clark & Debian: Justice or another Open Source vendetta?
Reprinted with permission from disguised.work
Death of Michael Anthony Bordlee, New Orleans, Louisiana
Reprinted with permission from disguised.work
The Revolution Continues
Today we've published over 20 pages and tomorrow we expect more or less the same
Death of Dr Alex Blewitt, UK
Reprinted with permission from disguised.work
Software Freedom Conservancy (SFC), Inc. vs. Vizio, Inc. Is Costing the Free Software Foundation Money
FSF subpoena and deposition
Following the Herd (or HURD)
Society advances owing to people who think differently and promote positive change, not corporate shills
They Try to Replace the Creators of GNU/Linux and Hijack Their Word, Work, and Reputation
gnu.org is down at the moment; now I'm told it's back but very slow. DDoS?
Thiemo Seufer & Debian deaths: examining accidents and suicides
Reprinted with permission from disguised.work
Links 05/05/2024: Political Cyberattacks From Russia and Google Getting a Lot Worse
Links for the day
Gemini Links 05/05/2024: Infobesity and Profectus Beta 1.0
Links for the day
Running This Site Mostly a Joyful Activity
The real problem or the thing that we need to cancel is this "Cancel Culture"
Australia Has Finally Joined the "4% Club" (ChromeOS+GNU/Linux)
statCounter stats
Debian as a Hazardous Workplace Where No Accountability Exists (Nor Salaries)
systematic exploitation of skilled developers by free 'riders' (or freeloaders) like Google, IBM, and Microsoft
Clownflare Isn't Free and Its CEO Openly Boasted They'd Start Charging Everyone to Offset the Considerable Losses (It's a Trap, It's Just Bait)
Clownflare has collapsed
Apple Delivered Very Disappointing Results, Said It Would Buy Its Own Shares (Nobody Will Check This), Company's Debt Now Exceeds Its Monetary Assets
US debt is now 99.98 trillion dollars
FSFE Still Boasts About Working Underage People for No Pay
without even paying them
IRC Proceedings: Saturday, May 04, 2024
IRC logs for Saturday, May 04, 2024
Over at Tux Machines...
GNU/Linux news for the past day
The Persecution of Richard Stallman
WebM version of a new video
Molly de Blanc has been terminated, Magdalen Berns' knockout punch and the Wizard of Oz
Reprinted with permission from disguised.work
[Meme] IBM's Idea of Sharing (to IBM)
the so-called founder of IBM worshiped and saluted Adolf Hitler himself
Neil McGovern & Debian: GNOME and Mollygate
Reprinted with permission from disguised.work