Re: Security vs. obscurity (Was: Re: Regmon(a new puz zle))

I’m not quite understanding how Microsoft is supposed to make patches
available without publicising them. The black hats certainly have NT systems
downloading updates for them to examine for new exploits. So who are we
protecting here? The public from knowing how vulnerable they are?

Mark Roddy
Hollis Technology Solutions

-----Original Message-----
From: Chuck Batson []
Sent: Wednesday, August 20, 2003 9:50 AM
To: Windows System Software Developers Interest List
Subject: [ntdev] Re: Security vs. obscurity (Was: Re: Regmon(a new puz zle))

Right. Whether specific instructions to take advantage of the expoit or a
patch for the exploit are made public, the result is basically the same.
Simply making it public knowledge opens the door for those with malicious
intent who realize human nature will provide a window of opportunity – the
time between the public announcement and the time individual users apply the
patch. I’m not advocating any particular position – there are valid
arguments from both sides, and I personally don’t know what the “right
answer” is. But I do find it interesting to ponder whether the worm would
have come about had there been no public announcement regarding the exploit
(including announcement of a patch).


----- Original Message -----
From: “Andrey Kolishak”
To: “Windows System Software Developers Interest List”
Sent: Wednesday, August 20, 2003 6:52 PM
Subject: [ntdev] Re: Security vs. obscurity (Was: Re: Regmon(a new puz

> that is not fully correct. The history is following.
> 1) lsd team has discovered the bug and inform/worked with microsoft to
> identify and fix it
> 2) After microsoft issued patch, lsd published their credits for
> discovering the problem, but they never published any details (at
> least no more than mircosoft itself) about the bug and of course never
> published any exploits
> 3) While Microsoft issued patch it urged everybody that bug is quite
> serious and must be patched asap
> 4) Using Microsoft patch some hackers made diff and identified fixed
> code as well as discovered the bug itself
> 5) some of those hackers wrote exploits and made them publicly
> available, that is about after 2 weeks patch released
> 6) Mircosoft urged everybody even more to install the patch
> 7) in about 2-3 weeks blaster worm appeared
> So researchers who discovered the bug are not responsible for blaster
> worm. The case has showed even if you keep silence it doesn’t stop
> exploits as soon as patch released.
> Best regards,
> Andrey
> >> How about a situation such as the most recent blaster worm? In
> CB> case,
> >> Microsoft
> >> found the exploit and made a fix available back in early JULY. It
> >> inattentive customers
> >> who failed to apply the patch and left their systems vulnerable.
> CB> (Count me
> >> as one of them
> >> for a couple of my own systems :frowning:
> CB> In this case the exploit was published. Which raises an
> CB> question: if it hadn’t, would the virus author have known about
> CB> exploit and would a worm using this exploit have been written?
> CB> Chuck

Questions? First check the Kernel Driver FAQ at

You are currently subscribed to ntdev as: To
unsubscribe send a blank email to