From: http://www.ntinternals.com/ntdll.htm
by Mark Russinovich.
> A little over a year ago I wrote a program called NTCrash that barraged
> the Native API interface with garbage parameters. The program discovered
> 13 WIN32K system services that failed to perform comprehensive parameter
> validation, the result of which were Blue Screens. Microsoft closed these
> holes in Service Pack 1.
> About two months ago I revisited NTCrash and tweaked it to be more intelligent
> about generating garbage - the garbage this new version, NTCrash2, produces
> hits boundary conditions that can be easy to miss in validation. In fact,
> this revision found 40 more APIs with Blue Screen holes. Microsoft has been
> made aware of the holes and they will be closed in Service Pack 4.
40?! I wonder how many of these could be turned into exploits?
Paul
-- "Software is like sex; it's better when it's free - LT"
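As an added illustration of the boundary-condition point in the quoted text, here is a small C model of the difference between "garbage" fuzzing and boundary-value fuzzing of a parameter-validation routine. This is constructed example code, not NTCrash or NTCrash2 and not part of the original post. The "system service" is a stand-in for a 32-bit NT-style service; its two validation slips (an off-by-one on an index, and a range check whose addr + len arithmetic wraps past 2^32) and the constants USER_PROBE_ADDRESS and TABLE_SIZE are assumptions made for the example. The real kernel would bugcheck on the bad dereference; the model returns a code instead.

```c
/* Constructed example: boundary-value vs random fuzzing of parameter checks.
 * Not NTCrash/NTCrash2 code; the service, its bugs and the constants are
 * assumptions made for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USER_PROBE_ADDRESS 0x7FFF0000u  /* assumed user/kernel split, like MmUserProbeAddress */
#define TABLE_SIZE         64u          /* assumed number of entries in a kernel-side table */

enum { ST_SUCCESS = 0, ST_INVALID_PARAMETER = 1 };
enum { BUG_INDEX = 1, BUG_WRAP = 2 };   /* bug classes, returned negated in place of a bugcheck */

typedef int (*service_fn)(uint32_t index, uint32_t addr, uint32_t len);

/* What the kernel would do after validation; the fault is modelled, not taken. */
static int dereference(uint32_t index, uint32_t addr, uint32_t len)
{
    if (index >= TABLE_SIZE)
        return -BUG_INDEX;                              /* reads past the table */
    if (len != 0 && (uint64_t)addr + len > USER_PROBE_ADDRESS)
        return -BUG_WRAP;                               /* touches kernel space */
    return ST_SUCCESS;
}

/* Flawed validation: off-by-one on the index, and a range check that can wrap. */
static int flawed_service(uint32_t index, uint32_t addr, uint32_t len)
{
    if (index > TABLE_SIZE)                 /* should be >=; index == TABLE_SIZE slips through */
        return ST_INVALID_PARAMETER;
    if (addr + len > USER_PROBE_ADDRESS)    /* 32-bit sum wraps, so a kernel range can pass */
        return ST_INVALID_PARAMETER;
    return dereference(index, addr, len);
}

/* Corrected validation: inclusive limit on the index, no arithmetic that can wrap. */
static int fixed_service(uint32_t index, uint32_t addr, uint32_t len)
{
    if (index >= TABLE_SIZE)
        return ST_INVALID_PARAMETER;
    if (addr > USER_PROBE_ADDRESS || len > USER_PROBE_ADDRESS - addr)
        return ST_INVALID_PARAMETER;
    return dereference(index, addr, len);
}

/* Values sitting on the edges a validation check is most likely to get wrong. */
static const uint32_t boundary_values[] = {
    0, 1, 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFFFu,
    TABLE_SIZE - 1, TABLE_SIZE, TABLE_SIZE + 1,
    USER_PROBE_ADDRESS - 1, USER_PROBE_ADDRESS, USER_PROBE_ADDRESS + 1,
};
#define N_BOUNDARY (sizeof boundary_values / sizeof boundary_values[0])

/* Try every combination of boundary values; return a bitmask of bug classes hit. */
static int fuzz_boundary(service_fn svc)
{
    int found = 0;
    for (size_t i = 0; i < N_BOUNDARY; i++)
        for (size_t a = 0; a < N_BOUNDARY; a++)
            for (size_t l = 0; l < N_BOUNDARY; l++) {
                int rc = svc(boundary_values[i], boundary_values[a], boundary_values[l]);
                if (rc < 0)
                    found |= -rc;
            }
    return found;
}

/* Plain garbage: uniform 32-bit values from a deterministic LCG (Numerical Recipes constants). */
static int fuzz_random(service_fn svc, unsigned iterations, uint32_t seed)
{
    int found = 0;
    while (iterations--) {
        uint32_t v[3];
        for (int k = 0; k < 3; k++) {
            seed = seed * 1664525u + 1013904223u;
            v[k] = seed;
        }
        int rc = svc(v[0], v[1], v[2]);
        if (rc < 0)
            found |= -rc;
    }
    return found;
}

int main(void)
{
    printf("boundary vs flawed service: bug mask %d\n", fuzz_boundary(flawed_service));
    printf("random   vs flawed service: bug mask %d\n", fuzz_random(flawed_service, 100000, 1));
    printf("boundary vs fixed service : bug mask %d\n", fuzz_boundary(fixed_service));
    return 0;
}
```

The boundary set hits both slips: index == TABLE_SIZE passes the `>` check and reads past the table, and addr = USER_PROBE_ADDRESS - 1 with len = 0xFFFFFFFF makes the 32-bit sum wrap to a value below the probe address while the real range spans kernel space. Plain garbage almost never gets that far: a uniformly random index is at most TABLE_SIZE with probability about 65/2^32, so nearly every random call is rejected by the first check and never reaches the wrapping comparison. That is the "easy to miss in validation" case the quoted text is about; the corrected service rejects every one of these inputs.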