Did Microsoft Patch Miss the Mark?

An anonymous security researcher has posted a proof-of-concept exploit for a flaw patched in Microsoft’s “critical” MS06-035 bulletin, but the company’s security response team says the issue is actually a brand-new, unpatched vulnerability.

The researcher, who uses the online moniker “cocoruder,” published the attack code on the Milw0rm Web site alongside a claim that it exploits a memory corruption in Mailslot to trigger a blue-screen Windows crash.

Microsoft shipped a Mailslot fix in the MS06-035 update released on July 11, but although the published code targets a similar flaw, Microsoft insists the exploit does not affect the same code path or functionality or vulnerability that was addressed by the update.

“We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar,” said Adrian Stone, a program manager in Microsoft’s security response center.

Read the full story on eWEEK.com: Did Microsoft Patch Miss the Mark?