Tuesday, November 25, 2008

Unofficial patch released for Microsoft vulnerability

No, it didn't come from Microsoft. No, this isn't usual. At all.
The vulnerability affects Enterprise and Ultimate versions of Vista in both 32- and 64-bit flavours of the operating system. XP is immune. Phion has published a workaround in the absence of a fix from Microsoft itself.
It raises eyebrows when someone patches someone else's code. It's happened before, but not very often.

If it were me, I wouldn't use the patch. This seems to be a pretty hard bug to exploit. Certain classes of bugs, like Shatter, Blue Pill, and (maybe) this, require pretty serious skills, and aren't easily scriptable. Net/net, you're unlikely to get attacked this way.

