Secure Coding mailing list archives

story of 2 patches to fix 1 bug


From: Stuart Moore <smoore () securityglobal net>
Date: Fri, 21 Oct 2005 17:08:42 +0100


Hi,

Cesar Cerrudo wrote a nice little paper about Microsoft's MS05-049 patch 
for a vulnerability in csrss that was supposedly fixed earlier in the 
MS05-018 patch:


http://www.argeniss.com/research/MSBugPaper.pdf ("Story of a Dumb Patch")

The paper points out that the earlier "fix" added a validation function 
prior to a call to the vulnerable function, but that there remained 
other code paths to access the vulnerable function.


The new fix addressed the actual vulnerable function.

Stuart
--
Stuart Moore
SecurityTracker.com
SecurityGlobal.net LLC
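
The difference between the two fixes described in the message above, as an added example (constructed for illustration; it is not code from the post, from the paper, or from the patched component). All names (`sink_unchecked`, `sink_checked`, `path_a`, `path_b`, `guard_survives`) and the buffer sizes are hypothetical, and the overrun is modelled with guard bytes inside one array so the program stays well-defined.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16  /* bytes the sink is meant to fill */
#define ARENA_LEN 32  /* buffer + guard bytes, so the overrun stays inside one array */

typedef int (*sink_fn)(unsigned char *arena, const unsigned char *src, size_t len);

/* Original sink: trusts the caller-supplied length. */
static int sink_unchecked(unsigned char *arena, const unsigned char *src, size_t len) {
    if (len > ARENA_LEN) len = ARENA_LEN;  /* demo-only clamp, keeps the program well-defined */
    memcpy(arena, src, len);
    return 0;
}

/* Second fix: the sink enforces its own bound, whatever path reached it. */
static int sink_checked(unsigned char *arena, const unsigned char *src, size_t len) {
    if (len > BUF_LEN) return -1;
    memcpy(arena, src, len);
    return 0;
}

/* Path A: the caller the first fix patched (validation before the call). */
static int path_a(sink_fn sink, unsigned char *arena, const unsigned char *src, size_t len) {
    if (len > BUF_LEN) return -1;
    return sink(arena, src, len);
}

/* Path B: another caller of the same sink that the first fix did not touch. */
static int path_b(sink_fn sink, unsigned char *arena, const unsigned char *src, size_t len) {
    return sink(arena, src, len);
}

/* Returns 1 if the guard bytes after the buffer survive the call, 0 if overwritten. */
static int guard_survives(int (*path)(sink_fn, unsigned char *, const unsigned char *, size_t),
                          sink_fn sink, size_t len) {
    unsigned char arena[ARENA_LEN], src[ARENA_LEN];
    memset(arena, 0xAA, sizeof arena);   /* 0xAA marks untouched guard bytes */
    memset(src, 0x41, sizeof src);       /* constructed input */
    path(sink, arena, src, len);
    for (size_t i = BUF_LEN; i < ARENA_LEN; i++)
        if (arena[i] != 0xAA) return 0;
    return 1;
}

int main(void) {
    printf("first fix,  path A: guard %s\n", guard_survives(path_a, sink_unchecked, 24) ? "intact" : "overwritten");
    printf("first fix,  path B: guard %s\n", guard_survives(path_b, sink_unchecked, 24) ? "intact" : "overwritten");
    printf("second fix, path B: guard %s\n", guard_survives(path_b, sink_checked, 24) ? "intact" : "overwritten");
    return 0;
}
```

When reviewing a patch of this kind, enumerate every caller of the affected function rather than only the one named in the report.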




