By Alan Donaly Posted Wednesday 17th October 2007 06:03 GMT
Nothing to do with this story, I don't guess, but when I ran my mouse over the MS ad the title read "gratuitous monkey skull", which is the alt/title from my own site's bottom graphic, and I haven't gone there this session. Firefox maybe needs some work, or perhaps it's a feature.
By Anonymous Coward Posted Wednesday 17th October 2007 12:46 GMT
The source code for this patch reveals it to have what as far as I can tell is a serious and very likely exploitable heap buffer overflow. I'll be posting a longer analysis later when I've had a chance to polish it up, but the underlying bug, in case anyone wants to take a look for themselves, is in an algorithmic error: the author repeatedly tries to convert the count of WCHARs in a string into a size in bytes by dividing by the size of a WCHAR instead of multiplying it, which produces a result that is only a quarter of what it should be. Check the way cbPrefix is miscalculated and then used later to size a heap buffer that is LocalAlloc'd and, I'm fairly sure, the reassembled URL gets written right over the end of this buffer and into trailing heap space.
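The count-to-bytes error described in the comment above, shown next to a checked conversion. This is an added example, not code from the patch or from the commenter; it goes slightly beyond the comment by also rejecting integer overflow. The names `WCH`, `bytes_buggy`, `bytes_checked` and `join_checked` are hypothetical, `WCH` is an assumed 2-byte stand-in for the Windows WCHAR, and `malloc` stands in for LocalAlloc.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCH;  /* assumed stand-in for the 2-byte Windows WCHAR */

/* The error the comment describes: character count divided by element size. */
size_t bytes_buggy(size_t cch) { return cch / sizeof(WCH); }

/* Correct conversion: count times element size, refusing on overflow. */
int bytes_checked(size_t cch, size_t *cb)
{
    if (cch > SIZE_MAX / sizeof(WCH))
        return -1;
    *cb = cch * sizeof(WCH);
    return 0;
}

/* Joins two counted strings into a fresh NUL-terminated heap buffer whose
 * size comes from checked arithmetic. malloc stands in for LocalAlloc.
 * Returns NULL on overflow or allocation failure. */
WCH *join_checked(const WCH *prefix, size_t cch_prefix,
                  const WCH *rest, size_t cch_rest, size_t *out_cch)
{
    size_t cb_total;
    WCH *buf;

    if (cch_rest > SIZE_MAX - 1 || cch_prefix > SIZE_MAX - 1 - cch_rest)
        return NULL;                       /* cch_prefix + cch_rest + 1 wraps */
    if (bytes_checked(cch_prefix + cch_rest + 1, &cb_total) != 0)
        return NULL;
    buf = malloc(cb_total);
    if (buf == NULL)
        return NULL;
    memcpy(buf, prefix, cch_prefix * sizeof(WCH));
    memcpy(buf + cch_prefix, rest, cch_rest * sizeof(WCH));
    buf[cch_prefix + cch_rest] = 0;
    *out_cch = cch_prefix + cch_rest;
    return buf;
}

int main(void)
{
    size_t cb = 0;
    bytes_checked(32, &cb);                /* constructed length: 32 chars */
    printf("buggy=%zu bytes, needed=%zu bytes\n", bytes_buggy(32), cb);
    return 0;
}
```

With a 2-byte character type the divided size is a quarter of the multiplied one, so any copy sized by the character count runs past the allocation.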
By Morely Dotes Posted Wednesday 17th October 2007 16:58 GMT
"Redmond's planned patch, whose release date remains unclear, is targeted at Windows Server 2003 and Windows XP with Internet Explorer 7 installed. Vista "
What about Vista? Perhaps the rest of the sentence would go something along the lines of, "Vista is not so much an Operating System, as a chocolate teapot, and since it can't be reasonably expected to do anything useful, may safely be ignored when applying Operating System patches."
By Ian Emery Posted Wednesday 17th October 2007 17:36 GMT
I can't even install the LAST security update; every time I have done so, my PC won't start on reboot and I have to revert to "Last Known Good Configuration".
Lucky I use Firefox for everything except Windows Update, which, despite M$ claims to the contrary, WON'T work with anything other than IE.
Comments on: Researcher releases unofficial IE fix for URI bug
I just noticed something
By Alan Donaly Posted Wednesday 17th October 2007 06:03 GMT
I noticed something even more interesting...
By Anonymous Coward Posted Wednesday 17th October 2007 12:46 GMT
wow! AC - icon choice ;-)
By Dave Posted Wednesday 17th October 2007 14:52 GMT
Vista?
By Chris Clawson Posted Wednesday 17th October 2007 16:28 GMT
What about Schmidt? Er, I mean, Vista?
By Morely Dotes Posted Wednesday 17th October 2007 16:58 GMT
IE 7 ?? PAH !!!!
By Ian Emery Posted Wednesday 17th October 2007 17:36 GMT