Microsoft Updates Patch for Windows Flaw
Updated patch is for a security vulnerability discovered in Windows NT 4.0 in December.Microsoft Corp. has released an updated patch for a security vulnerability discovered in Windows NT 4.0 in December. The new update fixes a flaw in the original patch that installed the wrong binaries on multi-processor machines, causing them to crash in some situations. The original vulnerability that the patch was meant to fix affected Windows 2000 and XP as well. But the problem that prompted the release of the new patch only occurs in machines running Windows NT 4.0 Terminal Services Edition. When applied to NT machines, the original patch should have worked on both single-processor and multi-processor servers. However, the patchs installer copied the wrong binaries onto multi-processor machines.
The vulnerability that this patch fixes is a flaw in the way that the interactive desktop in Windows handles messages sent between some specific processes. The vulnerability results because its possible for one process to use a message sent at the expiration of a timer to cause another process to execute a callback. That callback would be executed at the address of the first process choice.
Find white papers on security.