Did Microsoft Patch Miss the Mark?
By Ryan Naraine | Posted 2006-07-31
Exploit code for a flaw patched in Microsoft's "critical" MS06-035 bulletin is released on the Internet, but the company's security response team says this is a brand-new, unpatched vulnerability.
An anonymous security researcher has posted a proof-of-concept exploit for a flaw patched in Microsoft's "critical" MS06-035 bulletin, but the company's security response team says the issue is actually a brand-new, unpatched vulnerability.
The researcher, who uses the online moniker "cocoruder," published the attack code on the Milw0rm Web site alongside a claim that it exploits a memory corruption in Mailslot to trigger a blue-screen Windows crash.
Microsoft shipped a Mailslot fix in the MS06-035 update released on July 11. Although the published code targets a similar flaw, Microsoft insists the exploit does not affect the same code path, functionality or vulnerability that the update addressed.
"We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar," said Adrian Stone, a program manager in Microsoft's security response center.
Read the full story on eWEEK.com: Did Microsoft Patch Miss the Mark?