Users should stay away from third-party patches for Windows flaws

by Radu Tyrsina

Security issues have become mainstream news in the past few years, with many big names falling victim to ongoing cyber attacks. Now more than ever, a fortified defense is important and many software developers are working around the clock to provide potent security updates that will prevent breaches.

Problems persist for Microsoft

The last place people would expect to see a crack in security is Windows, the operating system developed by the tech giant Microsoft. Unfortunately, those cracks are real, and the Project Zero team from Google has put the Windows maker on blast.

The current situation puts Microsoft in a position in which it has to acknowledge serious internal vulnerabilities pertaining to one of its .dll files. Users are upset with the company since it canceled February’s Patch Tuesday and promised a more robust patch in March despite the gravity of the problem.

A solution has appeared from an unpredictable source

This led third-party security provider 0patch to deliver a solution that would solve the vulnerability. Many praised the initiative, but it turns out it might not be a good idea to rely on this helping hand, however perfect the timing might be. Security professional Chris Goettl says that there are EULA concerns that come into play when security updates are being installed. If something goes wrong, Microsoft won’t take responsibility for another developer’s patch. In his own words:

“The problem starts to come in when dealing with software especially where there may be warranties or EULAs involved. If something was to go wrong and the versions of files are unexpected, Microsoft will be resistant to supporting the system until it is reverted back to production files.

“Many 3rd parties consume and modify Microsoft components, but in doing so they assume support for those files. Once Microsoft releases a fix will it install over the top of the changes from 0Patch? If any issues occur it leaves the user\company in a gray area.”

Users are kind of forced to endure this security issue until Microsoft comes out with its own solution. This won’t happen until later on, most likely, and could lead to some exploits being deployed by malicious entities. It remains to be seen how the situation evolves.

