Did Microsoft Patch Miss the Mark?

By Ryan Naraine  |  Posted 2006-07-31 Print this article Print

Exploit code for a flaw patched in Microsoft's "critical" MS06-035 bulletin is released on the Internet, but the company's security response team says this is a brand-new, unpatched vulnerability.

An anonymous security researcher has posted a proof-of-concept exploit for a flaw patched in Microsoft's "critical" MS06-035 bulletin, but the company's security response team says the issue is actually a brand-new, unpatched vulnerability.

The researcher, who uses the online moniker "cocoruder," published the attack code on the Milw0rm Web site alongside a claim that it exploits a memory corruption in Mailslot to trigger a blue-screen Windows crash.

Microsoft shipped a Mailslot fix in the MS06-035 update released on July 11, but although the published code targets a similar flaw, Microsoft insists the exploit does not affect the same code path or functionality or vulnerability that was addressed by the update.

"We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar," said Adrian Stone, a program manager in Microsoft's security response center.

Read the full story on eWEEK.com: Did Microsoft Patch Miss the Mark?


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that baselinemag.com may send you Baselinemag offers via email, phone and text message, as well as email offers about other products and services that Baselinemag believes may be of interest to you. Baselinemag will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit