Slashdot Mirror


The Story of a Microsoft Patch

buckethead writes "eWeek is running a story about a security patch from Microsoft that failed to adequately address a denial-of-service flaw on CSRSS (Client/Server Runtime Server Subsystem), the user-mode part of the Win32 subsystem. It stems from a research paper from Argeniss that discusses how Microsoft only patched one path to the vulnerable function, but they forgot to do proper research to identify all the paths." From the article: "The problem was that Microsoft didn't patch the vulnerable function; they just added some validation code before the call to the vulnerable function, but what Microsoft missed was that the vulnerable function can be reached from different paths and the validation code was added on just one of them."
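The pattern the quote describes, as an added illustration (not code from the article, the Argeniss paper, or Microsoft): a check placed in front of one call site leaves a second caller unprotected, while the same check inside the function covers every path. All names are hypothetical, and the oversized backing array is an assumption that makes the out-of-range write observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOGICAL_SLOTS 8   /* indices callers may legitimately use */
static int backing[256];  /* oversized: a uint8_t index cannot leave it (no UB) */

/* The "vulnerable function": trusts idx completely. */
static void store_unchecked(uint8_t idx, int v) { backing[idx] = v; }

/* Incomplete patch: validation added in front of the call on one path only. */
static int path_a_patched(uint8_t idx, int v) {
    if (idx >= LOGICAL_SLOTS) return -1;
    store_unchecked(idx, v);
    return 0;
}

/* A second caller that the patch never touched. */
static int path_b_missed(uint8_t idx, int v) {
    store_unchecked(idx, v);
    return 0;
}

/* Complete fix: the check lives in the function, so every path inherits it. */
static int store_checked(uint8_t idx, int v) {
    if (idx >= LOGICAL_SLOTS) return -1;
    backing[idx] = v;
    return 0;
}
static int path_a_fixed(uint8_t idx, int v) { return store_checked(idx, v); }
static int path_b_fixed(uint8_t idx, int v) { return store_checked(idx, v); }

/* 1 if anything past the logical slots was written, else 0. */
static int guard_dirty(void) {
    for (int i = LOGICAL_SLOTS; i < 256; i++)
        if (backing[i] != 0) return 1;
    return 0;
}
static void reset(void) { memset(backing, 0, sizeof backing); }

int main(void) {
    reset(); path_a_patched(200, 7);
    printf("patched path A: dirty=%d\n", guard_dirty());
    path_b_missed(200, 7);
    printf("missed path B:  dirty=%d\n", guard_dirty());
    reset(); path_a_fixed(200, 7); path_b_fixed(200, 7);
    printf("fix in callee:  dirty=%d\n", guard_dirty());
    return 0;
}
```

When reviewing a patch of this shape, enumerate every caller of the function that holds the flaw and confirm each one is covered, or move the check into the function.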

3 of 183 comments

  1. Kathleen Malda denied me service by Sexual+Asspussy · Score: -1, Offtopic

    but I addressed it with a Glock 21.

  2. firstpost by Anonymous Coward · Score: -1, Offtopic

    firstpost. MT

    afasdfasd

  3. Story Quality by Anonymous Coward · Score: -1, Offtopic
    It might be just me, but it seems that in recent times the quality of posts has gone way down...
    • duplicate posts
    • grammar and spelling mistakes
    • accuracy of headlines
    • freshness of the stories
    Maybe it's always been this bad!