Microsoft and Proprietary Software Leftovers

posted by Roy Schestowitz on Sep 13, 2023

• Microsoft Edge still forcing itself on users in Europe

  This was supposed to happen in Windows 11 Insider Preview Build 23531, and subsequent versions of Windows in the European Economic Area were expected to inherit that behavior.

  The change was made to comply with Europe's Digital Services Act and the Digital Markets Act (DMA), which require that companies designated as "gatekeepers" like Microsoft from self-preferencing.

  So far, there's no sign anything has changed, though Microsoft has until March 6, 2024 to comply.

• Lawyer's Microsoft email snafu goes from $1.75M lawsuit to Ctrl+Alt+Settle

  The attorney had asked for $1.75 million in the suit – $750,000 in damages and $1 million in punitive damages, accusing Microsoft of both breach of contract and "tortious business dealings" for "wantonly delaying the simple remedy of aiding one single email access."

  The original allegation was that Schlachter lost access to his Microsoft business email account on May 10 this year, but that the software giant failed to extricate him from a verification loop that was preventing him from getting into his account, which the filing said he paid for via a monthly subscription.

• Grab those updates: Microsoft flings out fixes for already-exploited bugs

  Five others are listed as critical.

  Let's start with the two currently under exploitation. First up: CVE-2023-36761, an information disclosure vulnerability in Word deemed "important" by Redmond with a 6.2 out of 10 CVSS severity rating.

• Beware of insecure networked printers

  Despite promises of a paperless office that have origins in the 1970s, the printer is still very much a security problem in the modern office.

  And even if Microsoft Corp. will succeed in its efforts to eradicate the universe of third-party printer drivers from its various Windows products, the printer will still be the bane of security professionals for years to come. The problem is that the attack surface for printer-related activities is a rich one, with numerous soft targets.

• Judge For FTC Rules Intuit Can’t Continue Its ‘Free To File’ Advertising Bullshit

  The old saying goes: there’s only two things that are permanent, death and taxes. For quite a while now, we could have added a third item to the list: Intuit annoying us to death with its bullshit advertisement about filing for taxes for “free.” You really should go back and read our posts on this topic if you’re not familiar with it, but the topline summary is simple enough. Intuit has spent years advertising to the masses that they can file taxes for free using its TurboTax platform as part of a government program, except only a third of the public qualifies for free filing and Intuit did every last thing possible to hide the options for free filing and collected money from many who would qualify to file for free instead.

• Will the Cyber Resilience Act help the European ICT sector compete? [Ed: Mirko Boehm moved from OIN to Linux Foundation this past summer. Always chasing money, even if that means software patents and monopolies [1, 2, 3, 4]]

  Much has been written about the potentially damaging effects of the draft EU Cyber Resilience Act (CRA) on the open source ecosystem (BitKom, Eclipse Foundation, VDA, OSBA, Linux Foundation - this post is based on a draft of the CRA from September 15, 2022). In this post, we are going to look at the CRA from a different perspective: As a part of the EU cybersecurity strategy, the higher-order goal of the CRA is the further development and strengthening of the integrated EU single market. Since open source software is the foundation of nearly every modern digital product, influencing how the open source ecosystem operates will be felt by the European businesses and citizens. Will the CRA be conducive to EU ICT policy goals?