RE: [Full-disclosure] Unofficial Microsoft patches help hackers, not security

Wed, 04 Jan 2006 11:08:50 -0800

Joe Average (aka netdev) is confusing "patch" from llfak with the leaked non-ready pre-release official Microsoft patch.
 
"Patch" from Ilak is good, pre-release patch from Microsoft bad.
 
 
-Todd

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Carpenter
Sent: Wednesday, January 04, 2006 12:59 PM
To: [email protected]
Subject: RE: [Full-disclosure] Unofficial Microsoft patches help hackers,not security

 

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Average
Sent: Wednesday, January 04, 2006 11:50 AM
To: Niek; [email protected]
Subject: Re: [Full-disclosure] Unofficial Microsoft patches help hackers,not security

 

From my blog:

 

""[Unofficial patches are available, as is a leaked official patch] [Unofficial patches are merely used by hackers as a tool to patch machines they've compromised, to stop other hackers hacking the same machine, although the machine is still accessable to the hacker.] [The consumer goes along to Windows Update on Tuesday and doesn't think they need a patch, because Microsoft tells them its not needed. Little does the consumer know their machine was patched by a hacker, who now has control over their computer network.]""

 

It means the unofficial patch is as harmful as the vulnerability and exploit code its self.

------------snip------------------

 

While this might be the case with binary-only patches, the patch released by Ilfak Guilfanov comes with the source.  Review it and compile it yourself if you are concerned.

 

Chris

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to