Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Unofficial Microsoft patches help hackers, not security
From: gboyce <gboyce () badbelly com>
Date: Wed, 4 Jan 2006 14:43:27 -0500 (EST)

On Wed, 4 Jan 2006, Joe Average wrote:

From my blog:

""[Unofficial patches are available, as is a leaked official patch]
[Unofficial patches are merely used by hackers as a tool to patch machines
they've compromised, to stop other hackers hacking the same machine,
although the machine is still accessable to the hacker.] [The consumer goes
along to Windows Update on Tuesday and doesn't think they need a patch,
because Microsoft tells them its not needed. Little does the consumer know
their machine was patched by a hacker, who now has control over their
computer network.]""

It means the unofficial patch is as harmful as the vulnerability and exploit
code its self.

Situation 1)
Hacker exploits system
Hacker installs rootkit
Hacker patches vulnerability
User checks for updates, and sees no vulnerabilities needing patches

Situation 2)
Hacker exploits system
Hacker installs rootkit
User checks for updates, and sees patch to WMF vulnerbility, and installs

Your comment seems to indicate that #2 here is somehow safer than #1, but I don't really see how. At the end of the day you're still patched, and you're still already owned. Detecting the exploit and rootkit are still going to have to happen outside of the patching process.

Or am I missing something?

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]