The experts are just that..experts. How is releasing a patch that cuts
out a vulnerable function in a DLL going to help attackers?
Example??
Releasing patches helps hackers when exploits don't already exist...but
in this case, they do already exist. A patch (even from Microsoft) isn't
going to give hackers/attackers anymore information then they currently
have and are using.
Attackers RCE microsoft patches all the time, to find the vulnerable
function and to create exploits. This is true, but in this case..it isn't
needed.
__________________________________________________
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Joe
Average
Sent: Wednesday, January 04, 2006 12:33 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Unofficial Microsoft patches help hackers, not
security
It has been said on C|NET/SecurityFocus and other places that "experts"
are telling people to use unofficial patches, and to make things worse
the "experts" are releasing patches. You've got to wonder who these
"experts" are. By releasing unofficial patches, all you're doing is
aiding the hackers, it doesn't help the situation one little bit for the
overall picture of protecting Microsoft consumers. The majority of
consumers aren't getting your unofficial patches, but you can be sure the
hackers are using them, and using them to their advantage. If these
unofficial patches weren't being released and experts weren't telling
people to use them, I wouldn't be calling for Microsoft to bring forward
the release date for the patch before the end of the week. It's the
"experts" here who have now made the situation ten times worse, by giving
their very bad advice and releasing their own unofficial patches.
Well done the experts,
You deserve the title after all
More some more:
http://n3td3v.blogspot.com