Full Disclosure mailing list archives
RE: Unofficial Microsoft patches help hackers, not security
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 4 Jan 2006 13:56:16 -0600
The experts are just that..experts. How is releasing a patch that cuts out a vulnerable function in a DLL going to help attackers? Example?? Releasing patches helps hackers when exploits don't already exist...but in this case, they do already exist. A patch (even from Microsoft) isn't going to give hackers/attackers anymore information then they currently have and are using. Attackers RCE microsoft patches all the time, to find the vulnerable function and to create exploits. This is true, but in this case..it isn't needed. ________________________________ From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Joe Average Sent: Wednesday, January 04, 2006 12:33 PM To: full-disclosure () lists grok org uk Subject: [Full-disclosure] Unofficial Microsoft patches help hackers, not security It has been said on C|NET/SecurityFocus and other places that "experts" are telling people to use unofficial patches, and to make things worse the "experts" are releasing patches. You've got to wonder who these "experts" are. By releasing unofficial patches, all you're doing is aiding the hackers, it doesn't help the situation one little bit for the overall picture of protecting Microsoft consumers. The majority of consumers aren't getting your unofficial patches, but you can be sure the hackers are using them, and using them to their advantage. If these unofficial patches weren't being released and experts weren't telling people to use them, I wouldn't be calling for Microsoft to bring forward the release date for the patch before the end of the week. It's the "experts" here who have now made the situation ten times worse, by giving their very bad advice and releasing their own unofficial patches. Well done the experts, You deserve the title after all More some more: http://n3td3v.blogspot.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Unofficial Microsoft patches help hackers, not security Todd Towles (Jan 04)
- RE: Unofficial Microsoft patches help hackers, not security Jeff Workman (Jan 04)