[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Unofficial Microsoft patches help hackers, not security

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Date: Wed, 04 Jan 2006 16:51:47 -0500

This trend does nothing to prove netdev's post however. The situtation
that MW shows here, happens all the time. How many people are infected
with SDBot, but then apply the correct Microsoft patch to fix the hole.
They are still infected....the patch being applied after the fact has no
real effect on the security of the system.

Not to mention all the folks that installed the patch (including those that used automated roll-out tools) but didn't reboot the computer.

FWIW, the same is true of the patch to gdi32 and shimgvw.

/mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
  - From: Todd Towles

Prev by Date: Re: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
Next by Date: Re: [Full-disclosure] WMF Exploit
Previous by thread: RE: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
Next by thread: RE: [Full-disclosure] Unofficial Microsoft patches help hackers, not security
Index(es):
- Date
- Thread