The failed Microsoft patch

Apparently the most recent patch by Microsoft is a dud. They did patch CSRSS (the Client/Server Runtime Subsystem), the user-mode part of the Win32 subsystem, but all they did was add some validation code right before the routine. Unfortunately, if they had done the research more closely, they would have found that the attack path came from multiple angles and that the validation code covered only a single one. Oops.
Slashdot < eWeek