Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

R E V I E W

PatchLink Helps Keep Windows Closed

September 2, 2002
By Patrick Mueller

>> continued from previous page

A Heap of Trouble

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	PatchLink Corp. PatchLink Update 3.0
	Other Products Reviewed
	Executive Summary
	Why Patch?
	How We Tested
	A Heap of Trouble
	Microsoft's Patch tools: Incomplete
	Report Card

To the left is a single item taken from the mssecure.xml patch database file provided by Microsoft and used by its HFNetChk tool as well as Shavlik Technologies' commercial version, HFNetChkPro Enterprise.

A heap-overflow vulnerability in Microsoft IIS was discovered during the writing of this article, and a patch was released at roughly the same time the vulnerability was announced. By examining the example, you can get an idea of how the tool works. For instance, this security bulletin patch is not included (obviously) in SP1 or SP2 but will presumably be present in SP3. The Q-number as well as a pointer to the patch download location are both included.