Microsoft has done it again.

ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."
another interesting quote
Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed.
I'm not sure if this occured to Jim but maybe they should of started working on fixing those flaws. Leaving any flaw unfixed is just plain dumb even if it is closed source.

Read the article here
http://security.tombom.co.uk/shatter.html
what I pasted above
http://slashdot.org/articles/02/08/0....shtml?tid=172

This kind of ties in with my thread about how exploits should be relesed. http://www.antionline.com/showthread...202#post558202
Should he of relesed a working example? Normaly I would say no but M$ has known about this for a long time. They had there chance and now the rest of us have to pay for it.