Source -Microsoft's security patches sometimes fix more problems than their descriptions let on. This is not a new problem, nor is it unique to Redmond. As much as anything else, it is a consequence of the way patches are produced: when a vendor is analyzing and fixing one flaw, they might well discover other flaws in the same piece of code, and their patch will fix the whole set.
However, research by one security company, Core Security Technologies, suggests that in so doing, Microsoft may be underplaying the significance of various patches, which may lead companies to be less aggressive in rolling out patches for critical flaws.
In particular, the company believes that secret fixes in two of last month's patches make the patches more important than Microsoft's bulletins suggest. It has issued its own bulletins to discuss the additional fixed flaws.
Core Security Technologies analyzes patches to produce attacks for use with its penetration software; it uses real exploits to detect network vulnerabilities. Attackers do the same: comparing patched files to unpatched files to learn exactly what was patched is a common technique, which is one of the reasons that accurate assessments and timely deployment are so important.
The potential dangers of Microsoft's secret patches
Good read. I can understand Microsoft's reluctance to publicize particular vulnerabilities; but there is another side of this coin. Microsoft seems to rely on the fact that a majority of users have automatic updates turned on; therefore, MS does not have to be specific. Some of us, however, screen, pick, and choose our updates. Accurate information would be helpful. INMO this update should have been labeled critical instead of important.
Sometimes better being cheat around to be better protected...I do trust entirely MS because i'm an end-user afterall...I doing the same trying to see if someone could possibly hack my computer.
The chase!
I'm playing dumbiest one and hope the hackers doing dumb aswell thinking that i'm the smartiest one playing the dumbiest one.
The probs that those are dig in download center and people are not always aware or does not takes the time to read MS bulletins...but it is a good point to let people choose, if they do know what's going on.
Same here. I've said before and I'll say again: I use my discretion and my judgment as to which updates to install. It does take a little bit more time to read the update info provided but it's time well spent IMO.
Thanks for the link JMH.
Quote
