Recent Microsoft patch useless
If you have been turned over already
Monday, 16 March 2009, 14:09
VOLE SEEMS TO HAVE BOTCHED its MS09-008 patch which was designed to fix the Man-In-The-Middles attacks on Windows DNS and WINS. While it works for machines that have never seen or heard of the exploit, it cannot help those which have already been infected.
Tyler Reguly, a researcher on nCircle's VERT team, pointed out that the patch checks to see which entries have been created in the DNS server and only adds block list entries for values not already being served.
Vole said the patch worked like it was supposed to, and was not meant to protect people who had already fallen to the exploit... so there. μ
L'Inq
Tech Herald
Share this:
Share
Advertisement
Subscribe to the INQ Newsletter
Sign-up for the INQBot weekly newsletter
INQ Whitepapers
Business Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
Jobs
Advertisement
INQ Poll
So the Microsoft position is to help you only if you don't need it yet.
That's kind of like rescuing passengers from a sinking ship only if they haven't fallen in the water yet. Just the kind of policy I'd expect from MS.
But MS is like a snake. Half what it takes to stay alive is just knowing where the little bugger is. Works for me. I've never trusted MS and I still don't.
wrote about 4 commentos & feedbacks about norton/7/creative sound blaster audiology se 24 bit being blowout when media center internet sample played & chunked. creative didn't have specific drivers. now after few weks went back & creative in forum, not download/support had driver for similar except se available in beta, 55 mb. installed alchemy with it & media 7. now audio is strong. so thought add good word about how in few weeks of hiccups & complaints, somehow sound card came back on board.Microsoft added 3 older updates as well in that timeframe.(fed M/S back,to) thanks.STeWie drashek Happy Camper.
Surely no patch can restore any system to security once it has been compromised?