back to article Chinese web giant finds Windows zero-day, stays schtum on specifics

Chinese company Quihoo 360 says it's found a Windows zero-day in the wild, but because it's notified Microsoft, it's not telling anyone else how it works. In this Weibo post (unless you speak Mandarin you'll need a translation tool), the company announced an “APT attack” on the unspecified zero-day “on a global scale”. …

  1. Anonymous Coward
    Anonymous Coward

    Edge has had a pretty bad run of RCE bugs too (over half). Perhaps time for Microsoft to give up developing browsers altogether and stick to something they are good at?

    1. Notas Badoff Silver badge

      Qui est hic "qui"?

      Qihoo. Strange bird, meet strange tiger.

    2. Duncan Macdonald Silver badge

      What ?

      What are they good at ?

      1. Christian Berger Silver badge

        Re: What ?

        "What are they good at ?"

        Lobbying schools to drop programming lessons and switch to Office 95 courses instead. They were pretty successfull with that in the 1990s.

      2. Fungus Bob Silver badge

        Re: What are they good at ?

        They're good at the same thing Cadillac was good at in the 1980's - badge engineering.

        https://en.wikipedia.org/wiki/Cadillac_Cimarron

    3. Anonymous Coward
      Anonymous Coward

      Re: Edge has had a pretty bad

      Edge is just IE12 web render engine with a new UI frame.

      They say it's new, but it's just PR. In reality it's just a refactored web render engine based on the IE11 trident. Even in IE11, trident got renamed to "Edge" as you can see e.g. in F11 WebDev tools. So no wonder it shares many but not all defects, glitches and bugs that can be traced back to IE3. And some minor glitches persisted between the good ol Mosaic browser (nevertheless IE1 was a direct fork of it) and Edge browser - means certain parts were kept untouched between 1994 and 2018, probably because no one understood the side-effects and various third parties depended on that behaviour.

      1. Wade Burchette

        Re: Edge has had a pretty bad

        "Edge is just IE12 web render engine with a new UI frame."

        Makes sense. Why do updates to it require a restart? (And why do add-ons require the Microsoft Store? Don't answer that last one, I know why.) Why does a browser have to be intertwined so tight with the OS?

        And, of course, since Edge is essentially IE with a new UI and since this is new Microsoft, the UI is absolute garbage, just like Windows 8 and 10's UI is absolute garbage. Ugly, ribbon everywhere when it should be nowhere, what was once 1 step is now 5, confusing. I don't care if Edge can load pages 5 times as fast as any other browser, if the UI is a confusing stupid nightmare then I won't ever be using it. Microsoft has forgotten that designs should be easy to use and logical.

    4. herman Silver badge

      "something they are good at" - The Microsoft Mouse was pretty good...

      1. yossarianuk

        Their joypads were pretty cool too - I remember you could daisy chain up to 4 sidewinders via the PC's game port (this was pretty good at the time as this was pre USB)

        Also the sidewinder drivers were added to the Linux kernel so worked out the box with no additional drivers needed (unlike in Windows..)

      2. TheTor

        was? Still is - mines still in use every day. Built like tanks...

      3. Dan Wilkie

        I must admit, my old fashioned non-bluetooth wireless MS mouse (the black one with the dongle) has outlasted pretty much all my peripherals (bar a LaserJet 4050 collecting dust in the garage), and is still one of my favourites.

    5. oldcoder

      "stick to something they are good at..."

      Lawsuits? Perjury? Bribery? Kickbacks?....

      Not sure of anything else they were good at...

      :-)

    6. This post has been deleted by its author

  2. Mark 65 Silver badge

    Price to be paid

    Microsoft would far prefer that users stopped using Internet Explorer and adopted its Edge browser instead. Some users are proving stubborn, though: according to Net Market Share, IE still has a rusted-on 12 per cent of the browser market.

    That's the price you have to pay for stepping away from the W3C standards and implementing the shit that is/was IE6 that countless organisations are now dependent upon due to legacy author-gone-bust applications using some of its various quirks.

    Karma.

  3. Mark 85 Silver badge

    Given that it's China, I wonder how many zero-days they have that haven't been reported? I'd also assume that Russia has a few along with the 5-I's. But it is a good gesture on their part.

  4. Anonymous Coward
    Anonymous Coward

    Windows 7 < > Edge

    When a large chunk of your user base can't use Edge, why so much gnashing of teeth?

    Oh I see, it's user error in not upgrading to Windows 10.

    1. Ken Hagan Gold badge

      Re: Windows 7 < > Edge

      I *have* upgraded to Win10, but like many other people I know, I found that Edge stopped working (early in the New Year) with a number of sites I expect to use and so I reverted to IE because it still works. (Obviously on a machine that isn't supposed to be "as customers see it", I'd have installed a proper browser and wouldn't bother with either of Microsoft's pieces of polished turd.)

      Once Edge is finished, I'll give it another whirl.

      1. Steve Davies 3 Silver badge
        Holmes

        Re: Once Edge is finished, I'll give it another whirl.

        That will be 2030 then?

        Will MS still be relevant then?

    2. LDS Silver badge

      Re: Windows 7 < > Edge

      Yet if anyone at MS believes Edge could be a driver for Windows 10 adoption, they should stop using any substance they're using...

  5. John Smith 19 Gold badge
    Unhappy

    "Oh I see, it's user error in not upgrading to Windows 10."

    Correct.

    And as far as they are concerned it always will be.

  6. Anonymous Coward
    Anonymous Coward

    NO

    technical reasons why "edge" wont work on win 7.

    None, not one, zero, zilch.

    Other than the fact they want you on their latest data slurping platform, that is the abortion (sorry, not sorry) known as Windows 10.

  7. Milton Silver badge

    "Perhaps time for Microsoft to ... stick to something they are good at?"

    "Perhaps time for Microsoft to ... stick to something they are good at?"

    Hmm ... I think you may have backed them into a bit of a corner, there.

    Marketing (which M$ is undeniably good at) usually requires something to market, which they won't have if they give up on their principal, time-honoured activity of crimping off logs of vastly bloated, inefficient, unnecessarily complex code reeking with bugs and vulnerabilities—which then lie around attracting the billion or so flies who just luurve that smelly but oh so easy-to-digest badness.

    I still find myself mildly surprised that M$ haven't contrived an excuse for issuing their own sui generis version of FBM Linux, a version merely tripled in size with lots of lovely padding for "telemetry" (spying on customers), "reporting" (disguising the existence of bugs), "help" (attempts to sell additional shit), "integrated functionality" (locked-in, inferior, proprietary applications you didn't want) and my favourite "security" (malware filter that permits only M$ shit to infect you).

    I guess it's only a matter of time ....

    F***ed By Microsoft, of course.

  8. redpawn Silver badge

    The price of Freedom

    As with the second amendment one can expect casualties using MS products to exercise first amendment rights. This is price for having the freedom to defend yourself or express yourself.

  9. Alan Brown Silver badge

    " IE still has a rusted-on 12 per cent of the browser market."

    Largely thanks to rusted on stuff that insists on crap like ActiveX and won't run in Edge.

    1. Anonymous Coward Silver badge

      ActiveX

      Has anyone found an IP camera that doesn't require an ActiveX plugin to configure, that also doesn't cost too much??

      I keep an XP virtual machine floating around for exactly this sort of thing, but it's hassle to fire it up.

      1. Chemist

        Re: ActiveX

        "Has anyone found an IP camera that doesn't require an ActiveX plugin to configure, that also doesn't cost too much??"

        Well I'd suggest an old Android phone with an app. Or better a Pi with camera running Motion. At client end VLC or in my case ffplay

      2. JimmyPage Silver badge
        Boffin

        Re: IP camera that doesn't require an ActiveX plugin

        All of them ?

        Suggest you checkout Zoneminders forums, and follow links from there. There's tonnes of data on various no-name cameras. From my experience. they can all be controlled via HTTP querystrings.

        (Funnily enough I just got an IP camera that's been off since 2013 working again under Linux. If it helps, you can catch 5 seconds worth of video with:

        ffmpeg -i "http://192.168.10.123/videostream.cgi?user=admin&pwd=123456&resolution=640,480" -acodec pcm_mulaw -vcodec copy -force_key_frames 'expr:gte(t,n_forced*5)' -y -t 5 recording.asf

        In fact if you Google "videostream.cgi" you should start finding links. Or if you're happy wiresharking or using Chromes debugger, you can see the data structures involved.

        1. Archivist

          Re: IP camera that doesn't require an ActiveX plugin

          I bought a recommended no-name camera that didn't need ActiveX, and was so happy I purchased 2 more from the same supplier. To my horror although the same model number, these needed ActiveX.

          As a Mac and Linux user they were no good to me. I tried to return them through eBay but the supplier could not understand my problem, and stalled for long enough for the return deadline to expire. I eventually got my money back from Paypal. It was a load of hassle.

          Subsequent cameras have been rather more expensive named brands, but much less hassle!

  10. arctic_haze Silver badge

    Poor Microsoft

    People are still using, against its crocodile-tears urgings, the very browser Microsoft worked very hard to bind them with.

  11. eragon384

    Update???

    Has anyone heard any updates on this? I cant seem to find anything on this that continues the conversation or says what Microsoft is actually going to do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019