A Dumb Patch?
Monday, October 31, 2005
Hi everyone, Stephen Toulouse here. One of the security researchers that the MSRC works with, Cesar Cerrudo of Argeniss, has pointed out that update MS05-018 fixed an entry point to a vulnerable function without addressing the vulnerable function itself. Some people have called this a “dumb patch” and stated that MS05-049, where we addressed some other vulnerabilities and at the same time addressed the actual vulnerable function, was the proper fix.