Full Disclosure mailing list archives
RE: Unofficial Microsoft patches help hackers, not security
From: "Christopher Carpenter" <ccarpenter () dswa net>
Date: Wed, 4 Jan 2006 11:58:35 -0700
________________________________ From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Joe Average Sent: Wednesday, January 04, 2006 11:50 AM To: Niek; full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Unofficial Microsoft patches help hackers,not security
From my blog:
""[Unofficial patches are available, as is a leaked official patch] [Unofficial patches are merely used by hackers as a tool to patch machines they've compromised, to stop other hackers hacking the same machine, although the machine is still accessable to the hacker.] [The consumer goes along to Windows Update on Tuesday and doesn't think they need a patch, because Microsoft tells them its not needed. Little does the consumer know their machine was patched by a hacker, who now has control over their computer network.]"" It means the unofficial patch is as harmful as the vulnerability and exploit code its self. ------------snip------------------ While this might be the case with binary-only patches, the patch released by Ilfak Guilfanov comes with the source. Review it and compile it yourself if you are concerned. Chris
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Unofficial Microsoft patches help hackers, not security, (continued)
- Re: Unofficial Microsoft patches help hackers, not security gboyce (Jan 04)
- Re: Unofficial Microsoft patches help hackers, not security Dan Trevino (Jan 04)
- Re: Unofficial Microsoft patches help hackers, not security Morning Wood (Jan 04)
- Re: Unofficial Microsoft patches help hackers, not security ad () heapoverflow com (Jan 04)
- Re: Unofficial Microsoft patches help hackers, not security Morning Wood (Jan 04)
- Re: Unofficial Microsoft patches help hackers, not security bkfsec (Jan 05)
- Re: Unofficial Microsoft patches help hackers, not security Colin (Jan 05)
- Re: Unofficial Microsoft patches help hackers, not security Michael Holstein (Jan 04)