General discussion


Windows patch, not from MS

By gbrownlee ·

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Not the first time

by Joseph Moore In reply to Windows patch, not from M ...

I've seen this type of thing before. Late last year, a bug for IE came out on Bugtraq. The security company ISS put out their own patch, sort of, until Microsoft got around to issuing their own official patch.
So for a couple months, I ran the ISS patch (which was really just a BHO, not a patch technically, but the BHO prevented the vulnerability in IE). When Microsoft put out their patch, I removed the ISS one, installed the real Microsoft patch (which did change .DLL files and stuff), and that was it.
This "patch" is really just making changes to the Registry, to prevent an IE flaw. But this one says it is for one found in March 2002. I would think it has been patched by Microsoft by now. That's a long time for something to be found and not be patched!

Collapse -


by TheChas In reply to Windows patch, not from M ...

Joseph is one of our best on security and related issues.

I am very cautious about any "patch" produced by a 3rd party source.

In the case of serious flaws, I would trust a patch from a security firm, or a web site that I knew and trusted.

My best advice, if in doubt, don't install any software from anyone.

As a side note, remember that Microsoft NEVER sends patches as email attachments.


Related Discussions

Related Forums