<img alt="dcsimg" id="dcsimg" width="1" height="1" src="//www.qsstats.com/dcs8krshw00000cpvecvkz0uc_4g4q/njs.gif?dcsuri=/index.php/c/a/Business-Intelligence/Did-Microsoft-Patch-Miss-the-Mark&amp;WT.js=No&amp;WT.tv=10.4.1&amp;dcssip=www.baselinemag.com&amp;WT.qs_dlk=XakVceehKCkS8tSEgxYK8AAAABU&amp;">
 
 

Did Microsoft Patch Miss the Mark?

By Ryan Naraine  |  Posted 2006-07-31 Print this article Print
 
 
 
 
 

Exploit code for a flaw patched in Microsoft's "critical" MS06-035 bulletin is released on the Internet, but the company's security response team says this is a brand-new, unpatched vulnerability.

An anonymous security researcher has posted a proof-of-concept exploit for a flaw patched in Microsoft's "critical" MS06-035 bulletin, but the company's security response team says the issue is actually a brand-new, unpatched vulnerability.

The researcher, who uses the online moniker "cocoruder," published the attack code on the Milw0rm Web site alongside a claim that it exploits a memory corruption in Mailslot to trigger a blue-screen Windows crash.

Microsoft shipped a Mailslot fix in the MS06-035 update released on July 11, but although the published code targets a similar flaw, Microsoft insists the exploit does not affect the same code path or functionality or vulnerability that was addressed by the update.

"We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar," said Adrian Stone, a program manager in Microsoft's security response center.

Read the full story on eWEEK.com: Did Microsoft Patch Miss the Mark?



 
 
 
 
 
 
 
 
 
 
 
 
 
 
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.