
● 03.08.09

●● Conficker is Alive, Windows Vista is Critically Vulnerable and Microsoft Office Likewise

Posted in Microsoft, Office Suites, Security, Vista, Vista 7, Windows at 10:01 am by Dr. Roy Schestowitz

Patchy Tuesdays always get you down

Summary: New evidence for the lingering pattern of vulnerability, arrogance, and lack of responsibility at Microsoft

Conficker has been a colossal PR problem for Microsoft and a security headache for its customers. For the uninitiated, here are some previous posts that we wrote about Conficker:

* Microsoft’s Blame-Shifting Strategy Precedes More Trouble
* Leave Microsoft Alone
* Never Blame Microsoft, Blame Users and Exploits
* Botnets and Bounties Versus Real Security
* Is Windows to Blame for Cracking of Federal Aviation Administration (FAA)?
* Windows Problems Take Down Airplanes, JFK Airport, Houston Municipal Courts
* Turkey, France, United States Under Attack by Microsoft Windows Insecurities
* Microsoft Adopts Malware Techniques to Advance .NET
* Windows Botnets Go Out of Control, Obama Web Site Delivers Windows Malware
* One Windows Worm, One Week, and Possibly 250,000,000+ New Windows Zombies
* Death by Microsoft Windows
* UNIX/Linux Offer More Security Than Windows: Evidence
* US Army Becomes Zombies Army; London Hospitals Still Ill (Windows Viruses)
* Eye on Microsoft: Another Messy Week for Security
* Why Conficker is a Blessing to GNU/Linux

Microsoft would rather pretend that Conficker is history, but it’s far from history. In fact, new variants of it are now appearing and Symantec has issued warnings. For the latest details, see:

i. Conficker Worm Strikes Back With New Variant


The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn’t cause further harm. Until now. Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm’s mysterious creators haven’t abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.

ii. Conficker gets upgraded with defenses


Researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga: a new module that is being pushed out to some infected systems. In a couple of ways, the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshark and regmon.

It gets worse. The illusion that Windows Vista can be secured is long dead, so no update or upgrade can redeem the user from becoming a zombie (even Vista 7 is open to hijackers [1, 2, 3], long before release). It’s the same old routine now that Windows Vista is discovered to be suffering from another “critical” flaw (or set thereof) which has not been patched yet.


March’s Patch Tuesday will see yet another critical fix for Microsoft’s flagship operating systems.

Users of Microsoft Office will be left vulnerable for at least another month:


Vole said that it will not be fixing a critical Excel vulnerability, which allows attackers to launch malicious code remotely on users’ computers via an infected Excel spreadsheet file.

From IDG:


Microsoft Corp. today said it will deliver three security updates on Tuesday, one of them ranked as “critical,” but will not fix an Excel flaw that attackers are now exploiting. All three updates spelled out in today’s notice will tackle vulnerabilities in Windows, but as is its practice, Microsoft did not drill any deeper than to specify which versions will be affected.

As usual, Microsoft is hiding the real scale and the real number of vulnerabilities. InformationWeek wrote about this also. █


“Our products just aren’t engineered for security.”

–Brian Valentine, top Windows executive

“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”

–Jim Allchin, top Windows executive


➮ Sharing is caring. Content is available under CC-BY-SA.
