Unofficial Windows URI patch flawed
In a somewhat shame-faced posting to Full Disclosure, KJK::Hyperion reports a bug in his original unofficial patch for the URI vulnerability, for which Microsoft finally accepted responsibility a week ago. In his own words, "I just found a gruesome memory leak in it. A silly bug, brown paperbag-grade shame." However, he has already posted a new version that supposedly fixes this problem, although independent patches such as this must always be treated with extreme caution. Meanwhile we still await an official solution from Microsoft.
(mba)