The experts are just that... experts. How is releasing a patch that cuts out a vulnerable function in a DLL going to help attackers? Example??

Releasing patches helps hackers when exploits don't already exist... but in this case, they do already exist. A patch (even from Microsoft) isn't going to give hackers/attackers any more information than they currently have and are using.

Attackers RCE Microsoft patches all the time, to find the vulnerable function and to create exploits. This is true, but in this case... it isn't needed.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Average
Sent: Wednesday, January 04, 2006 12:33 PM
To: [email protected]
Subject: [Full-disclosure] Unofficial Microsoft patches help hackers, not security

It has been said on C|NET/SecurityFocus and other places that "experts" are telling people to use unofficial patches, and to make things worse the "experts" are releasing patches. You've got to wonder who these "experts" are. By releasing unofficial patches, all you're doing is aiding the hackers, it doesn't help the situation one little bit for the overall picture of protecting Microsoft consumers. The majority of consumers aren't getting your unofficial patches, but you can be sure the hackers are using them, and using them to their advantage. If these unofficial patches weren't being released and experts weren't telling people to use them, I wouldn't be calling for Microsoft to bring forward the release date for the patch before the end of the week. It's the "experts" here who have now made the situation ten times worse, by giving their very bad advice and releasing their own unofficial patches.

Well done the experts,
You deserve the title after all

More some more:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
