[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
- From: "Christopher Carpenter" <ccarpenter@xxxxxxxx>
- Date: Wed, 4 Jan 2006 11:58:35 -0700
________________________________
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Joe
Average
Sent: Wednesday, January 04, 2006 11:50 AM
To: Niek; full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Unofficial Microsoft patches help
hackers,not security
>From my blog:
""[Unofficial patches are available, as is a leaked official patch]
[Unofficial patches are merely used by hackers as a tool to patch
machines they've compromised, to stop other hackers hacking the same
machine, although the machine is still accessable to the hacker.] [The
consumer goes along to Windows Update on Tuesday and doesn't think they
need a patch, because Microsoft tells them its not needed. Little does
the consumer know their machine was patched by a hacker, who now has
control over their computer network.]""
It means the unofficial patch is as harmful as the vulnerability and
exploit code its self.
------------snip------------------
While this might be the case with binary-only patches, the patch
released by Ilfak Guilfanov comes with the source. Review it and
compile it yourself if you are concerned.
Chris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/