Slashdot Mirror


Unofficial Patch For Windows URI Hole

dg2fer writes "For more than two months, the vulnerability of parsing URIs has been known for a number of Windows programs, including Outlook, Adobe Reader, IRC clients, and many more. Microsoft admitted the vulnerability only last week. The latest Microsoft patches published on October's Patch Tuesday did not include a solution, so hackers have taken on the problem themselves. One, KJK::Hyperion, has published (as open source) an unofficial patch that cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function."

3 of 85 comments

  1. Re:Well... by gQuigs · Score: 5, Informative
  2. Re:Well... by Xtravar · Score: 5, Informative

    I would mod this up, but I think I should explain why it's not off-topic instead.
    The guy who wrote this patch actually works on ReactOS. http://www.reactos.org/wiki/index.php/KJK::Hyperion

    I knew I remembered the name from somewhere.

    --
    Buckle your ROFL belt, we're in for some LOLs.
  3. Hole in the Patch for the Windows URI Hole by dg2fer · Score: 5, Informative

    The author of the Patch for the Windows URI Hole, KJK::Hyperion, found a big bug in his patch for the Windows URI hole. "I just found a gruesome memory leak in it. A silly bug, brown paperbag-grade shame."

    According to the article on heise security, he has already published a bugfix version of his patch -- hoping for the best, that it's not buggy again.

    --
    The slightly overweight penguin.