Token Kidnapping fixed

I had gone into a little detail about explaining token kidnapping in an earlier post. Despite all the difficulties involved in fixing this, MS has released a comprehensive patch that addresses all the issues in MS09-012. This was a monumental effort, so kudos to all the teams involved in coordinating and getting this out the door.

Here is some further reading from MSRC and SRD on the topic.

No Comments