Full Disclosure mailing list archives

RE: Unofficial Microsoft patches help hackers, not security

From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 4 Jan 2006 13:08:23 -0600

Joe Average (aka netdev) is confusing "patch" from llfak with the leaked
non-ready pre-release official Microsoft patch.
 
"Patch" from Ilak is good, pre-release patch from Microsoft bad.
 
http://djtechnocrat.blogspot.com/2006/01/wmf-six-days-til-checkered-flag
.html
 
-Todd


________________________________

        From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of
Christopher Carpenter
        Sent: Wednesday, January 04, 2006 12:59 PM
        To: full-disclosure () lists grok org uk
        Subject: RE: [Full-disclosure] Unofficial Microsoft patches help
hackers,not security
        
        

         

         

        
________________________________


        From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Joe
Average
        Sent: Wednesday, January 04, 2006 11:50 AM
        To: Niek; full-disclosure () lists grok org uk
        Subject: Re: [Full-disclosure] Unofficial Microsoft patches help
hackers,not security

         

        From my blog:

         

        ""[Unofficial patches are available, as is a leaked official
patch] [Unofficial patches are merely used by hackers as a tool to patch
machines they've compromised, to stop other hackers hacking the same
machine, although the machine is still accessable to the hacker.] [The
consumer goes along to Windows Update on Tuesday and doesn't think they
need a patch, because Microsoft tells them its not needed. Little does
the consumer know their machine was patched by a hacker, who now has
control over their computer network.]"" 

         

        It means the unofficial patch is as harmful as the vulnerability
and exploit code its self.
        
        

        ------------snip------------------

         

        While this might be the case with binary-only patches, the patch
released by Ilfak Guilfanov comes with the source.  Review it and
compile it yourself if you are concerned.

         

        Chris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Unofficial Microsoft patches help hackers, not security, (continued)
- - - Re: Unofficial Microsoft patches help hackers, not security Dan Trevino (Jan 04)
    - Re: Unofficial Microsoft patches help hackers, not security Morning Wood (Jan 04)
    - Re: Unofficial Microsoft patches help hackers, not security ad () heapoverflow com (Jan 04)
    - Re: Unofficial Microsoft patches help hackers, not security Morning Wood (Jan 04)
    - Re: Unofficial Microsoft patches help hackers, not security bkfsec (Jan 05)
    - Re: Unofficial Microsoft patches help hackers, not security Colin (Jan 05)
- Re: Unofficial Microsoft patches help hackers, not security nocfed (Jan 04)
- Re: Unofficial Microsoft patches help hackers, not security Simon Richter (Jan 04)
- Re: Unofficial Microsoft patches help hackers, not security Mike Hoye (Jan 04)
- RE: Unofficial Microsoft patches help hackers, not security Christopher Carpenter (Jan 04)
- RE: Unofficial Microsoft patches help hackers, not security Todd Towles (Jan 04)
- RE: Unofficial Microsoft patches help hackers, not security Jason Jones (Jan 04)
- RE: Unofficial Microsoft patches help hackers, not security Todd Towles (Jan 04)
  - Re: Unofficial Microsoft patches help hackers, not security Michael Holstein (Jan 04)