Slashdot Mirror


The Story of a Microsoft Patch

buckethead writes "eWeek is running a story about a security patch from Microsoft that failed to adequately address a denial-of-service flaw on CSRSS (Client/Server Runtime Server Subsystem), the user-mode part of the Win32 subsystem. It stems from a research paper from Argeniss that discusses how Microsoft only patched one path to the vulnerable function, but they forgot to do proper research to identify all the paths." From the article: "The problem was that Microsoft didn't patch the vulnerable function; they just added some validation code before the call to the vulnerable function, but what Microsoft missed was that the vulnerable function can be reached from different paths and the validation code was added on just one of them"

7 of 183 comments

  1. It's no wonder... by Anonymous Coward · Score: 5, Funny

    A Microsoft Microsoft patch? That's the worst kind!

  2. Movie Deal by jettoki · Score: 5, Funny

    From TFA:
    It's being called the "story of a dumb patch."

    Soon to be a 200-part epic, starring John Goodman as Steve Ballmer.
    Coming to a Windows Vista box near you!

  3. Hey ... by b3x · Score: 3, Funny

    At least they tried! And mommy says that's what counts.

  4. The Story of a Microsoft Patch by AthenianGadfly · Score: 4, Funny

    The Story of a Microsoft Patch
    A Tragedy in Three Acts

  5. Re:Liability by Lillesvin · Score: 5, Funny

    [...] just like pizza: do you use to pay for pizza after or before you ate it?

    Usually the delivery boy won't let go of the damn box until I hand him the money.

    --
    "Live free or don't."
  6. Deja vu by HangingChad · Score: 4, Funny

    Microsoft Microsoft only patched one path to the vulnerable function

    It's a glitch in the Matrix. It usually means they've changed something...

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  7. health care coverage and the patch by goombah99 · Score: 5, Funny

    Is a Microsoft patch anything like one of those Nicotine patches that help you stop smoking? If so I wonder if my health care will cover it. I'd like to slap one of those on the asses of my co-workers and help get them off their addiction to Microsoft.

    I guess one might consider Linux to be sort of a methadone. Something that helps you with your cravings for the bad stuff, but ultimately leaves you without that satisfying high.

    Personally I use OSX, but I'm not addicted. I could stop anytime I want to. I just don't want to, that's all. Now excuse me while I watch the Genie effect a few times before I send this.

    --
    Some drink at the fountain of knowledge. Others just gargle.