Re: [Full-disclosure] Unofficial Microsoft patches help hackers, not security

[gboyce <gboyce@xxxxxxxxxxxx>]

On Wed, 4 Jan 2006, Joe Average wrote:

> > From my blog:
>
> ""[Unofficial patches are available, as is a leaked official patch]
> [Unofficial patches are merely used by hackers as a tool to patch machines
> they've compromised, to stop other hackers hacking the same machine,
> although the machine is still accessable to the hacker.] [The consumer goes
> along to Windows Update on Tuesday and doesn't think they need a patch,
> because Microsoft tells them its not needed. Little does the consumer know
> their machine was patched by a hacker, who now has control over their
> computer network.]""
>
> It means the unofficial patch is as harmful as the vulnerability and exploit
> code its self.

Situation 1)
Hacker exploits system
Hacker installs rootkit
Hacker patches vulnerability
User checks for updates, and sees no vulnerabilities needing patches

Situation 2)
Hacker exploits system
Hacker installs rootkit
User checks for updates, and sees patch to WMF vulnerbility, and installs

Your comment seems to indicate that #2 here is somehow safer than #1, but 
I don't really see how.  At the end of the day you're still patched, and 
you're still already owned.  Detecting the exploit and rootkit are still 
going to have to happen outside of the patching process.

Or am I missing something?

--
Greg
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/