Fundamental Hole in all Recent Versions of M$’s OS Exploited for a Month Before Being Patched

“all three holes can be exploited remotely”

So much for the vaunted security of that other OS. All versions since XP SP3 have been actively exploited by malware artists for a month. All the malware artists had to do was insert some XML in a website to do whatever they wanted with PCs and servers running that other OS.

It’s just foolish

  1. to rely on that other OS for most IT, and
  2. not to punish M$ for waiting months to fix a problem M$ created that rendered so much IT a liability.

This vulnerability was public back on June 12 but was detected way back on March 22. “Assigned (20120322)”

It is a crime in Canada to cause death by negligence. That is analogous to causing most of IT to be so simply compromised and not at least warning the world about the uncovered manhole that is M$’s OS. Instead M$ proclaims this or that new feature added to the bloat and making their stuff so wonderful…

I recommend Debian GNU/Linux because it works for you and not some corporation utterly unworthy of your trust.

Debian: “We will not hide problems
We will keep our entire bug report database open for public view at all times. Reports that people file online will promptly become visible to others.”

see Microsoft patches a critical hole in XML Core Services – The H Security: News and Features.

“Microsoft has patched an under-attack zero-day vulnerability in XML Core Services as part of the July edition of Patch Tuesday.”
see also The Register

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

4 Responses to Fundamental Hole in all Recent Versions of M$’s OS Exploited for a Month Before Being Patched

  1. oiaohm says:

    Chris Weig, the cease-from-existence rate is faster on Android malware than Windows malware.

    We are seeing Android Malware also evolve very fast.

    The current problem Android malware works like flame malware and other bot class malware. First part installed pulls in other parts to make it work. So able to prevent downloading give away parts to the testing locations.

    Reason all infection parts in one file is failing to get past screening on Android Market. So the android market is causing Malware to evolve.

    The nasty part is the form of Malware Android is now seeing is known to defeat all current anti-virus software on windows. Because this form of malware detects what anti-virus you have then downloads exactly the counter measures required to defeat that anti-virus.

    Yes, anti-anti-virus tech. This level weapon is what has to be used against Android to get into the market. Problem is, as virus writers get used to using more anti-anti-virus tech in Android, it's only a matter of time until we have second-stage outbreaks on Windows.

    The big thing is we have also seen the existence of tri and quad platform infecting malware.

    http://net-security.org/malware_news.php?id=2185
    Mats Hagglund, there was a response from Linux distributions blacklisting the signing key. Effectively stopping the problem working on future systems, i.e. if you have a Java file signed by this key, abort. Simple solution really, could have been applied to all platforms.

    Also the other part is they glitched writing the malware. Yes they download a .bin file on Linux. They forgot to chmod 700 it. So it did not infect. Yes the executable bit of Linux does stop a lot of things.

    This is one particular advantage of Linux you do have to remember to give particular things executable status to work.

    Other than a few idiots who fixed the .bin and ran it on Linux, no one else got infected on Linux.

  2. Chris Weig says:

    Shouldn’t you be more interested in this?

    http://arstechnica.com/security/2012/07/more-malware-found-hosted-in-google-android-market/

    Since Windows is becoming meaningless real fast, and Android’s taking over the world. Just saying.

  3. Mats Hagglund says:

    This next is interesting too:

    http://net-security.org/malware_news.php?id=2185

    “The compromised website of a Colombian transport company has been found serving a signed Java applet that detects whether the visitor is using a Windows, OS X or Linux machine and drops a different Trojan for each platform:

    “All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively,” points out F-Secure.

    Windows and Mac users are asked to trust and run the served malware, but if the latter run OS X on an Intel processor, they will also be asked to install Rosetta – a piece of software needed to allow applications written for Macs with PowerPC processors to run on an Intel one:”

    However – later we will find anything about Linux. And not from here too:

    https://www.f-secure.com/weblog/archives/00002397.html

    They wrote only about Windows – and Mac.

  4. dougman says:

    Customer question: Seriously!?….When does the madness end?

    Response: Uhhhh..NEVER!

    Today I read, “Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack” then further down I read why Blackhat conference is forcing their hand, “As Computerworld notes, researchers are getting ready to disclose Gadget vulnerabilities at the Black Hat conference this month.”

    Rather ironic that a 3rd party needs to point out vulnerabilities, to the developer of the operating system, makes you wonder what would have happened had they not done so.

    “The company’s website now advises users not to seek out Gadgets from untrusted sources.” A trusted repository of software, as done with all the major Linux distributions, would be the way to go in this case.
