Prevx patching Windows

04 Dec 2010

Microsoft has been doing a pretty bad job lately at patching known, currently exploited vulnerabilities, so Prevx is giving itself some kudos for providing, as part of its anti-malware software, a way to stop one of these exploits.

As far as I know, it is not common for one company to offer patches for another company's software. This is what I advocated back in one of my older posts, but it just doesn't happen. Microsoft sometimes "patches" old software to get it to run on new versions of their OSes (as part of their application compatibility stuff), but these are usually bug fixes (so, for example, they'll patch some old unsupported game so that when it allocates an array, it allocates more memory than it is actually asking for, because the original code had a buffer overflow in it that would crash the program when you tried to run it on the new OS). Also, Microsoft, as part of their EMET tool (for adding DEP and ASLR to any program), uses this same application compatibility technology to "patch" programs. But they don't specifically block one vulnerability. I guess some PSPs do perform some patching (McAfee ePolicy Orchestrator comes to mind), but I guess no one ever flaunts this like Prevx is doing.