Ladies and Gentlemen, Girls and Boys: The Redmondian Leviathan

Microsoft Quality Control Problems: The Litany

January 27, 2020 by Marc Handelman in Security Cruft, Operating System Security, Operating Systems, Code Incomplete

via the inimitable Lawrence Abrams, writing at Bleeping Computer, comes the bad news for Microsoft Corporation (NASDAQ: MSFT) and Windows users worldwide. The latest Zero Day IE fix has apparently broken printing for a large number of users of the Windows operating system. What has happended to the once highly respected QA groups at the Redmondian Leviathan? Read more...

'On January 17th, 2020, Microsoft disclosed a zero-day remote code execution vulnerability in Internet Explorer 11, 10, and 9 that was being used in "limited targeted attacks". As no update is available yet, Microsoft released a temporary fix that involves changing the owner of the %windir%\system32\jscript.dll and denying access to the file for the Everyone group.' - via Lawrence Abrams, writing at Bleeping Computer

Microsoft Warns Of A 'New Wannacry': Newly Discovered 'Wormable' Exploit In The Wild

May 15, 2019 by Marc Handelman in Code Incompetents, Coding Incompetence, Information Security, Code Incomplete

Good News for organized crime, and other criminal, system attackers: Microsoft Corporation (NASDAQ: MSFT) has coughed up another furball of coding incompetence (aka CVE-2019-0708): Microsoft's Security Response Center's Director of Incident Response - Simon Pope, has announced a newly discovered 'wormable' exploit (a pre-user-authentication) attack, that is). More good work from the company helmed by Satya 'The Miracle Worker' Nadella (who, in reality is a superb leader of the Leviathan of Redmond (so ignore my gentle snark - if you are a fan). Today's Must Read.

"Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware." - via Microsoft Corporation's MSRC Director of Incident Response - Simon Pope

Who's Really Testing At Microsoft?

May 02, 2019 by Marc Handelman in Must Read, Code Incomplete

Woody Leonhard, Columnist at Compterworld, questions the efficacy of code testing by Microsoft Corporation's (NASDAQ: MSFT) Windows quality assurance personnel; todays Must Read post.

"Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning." Woody Leonhard, reporting at Compterworld, details patch failures in the latest Patch Tuesday event