Re: Raise your hand...
>receive HTTP data from the network into kernel space...
And then not range check it before using it. For Ned's sake! It is thirteen years since they promised to quit doing this stupid, freshman programmer level stuff. And now every public facing IIS website on Earth can be shutdown from anywhere on the planet, one compromised PC can hose your Intranet. Because their server OS doesn't validate network inputs directly in kernel space.
When will otherwise responsible organizations learn to stop trusting these people? This is not going to change, ever.
And apparently after failing for 13 straight years, this Scott Charney character is still there, in charge of not fixing it.
Biting the hand that feeds IT
