Author Topic: MS09-012: Fixing “Token Kidnapping”  (Read 2443 times)

0 Members and 1 Guest are viewing this topic.

April 14, 2009, 08:45:56 pm
Read 2443 times


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335

Addressing this issue required one of the most epic engineering efforts we have ever expended for a Microsoft security update. This security update changed parts of the Windows kernel; the COM, DCOM, and LSASS subsystems; the WMI and MSDTC built-in services; and the service control manager (SCM). We had to back-port much of the service token work implemented in Vista and Server 2008 down to XP and Server 2003. Some of our most senior developers and architects devoted time away from Windows 7 development to address this issue down-level. (Security updates are typically fully handled by the Sustained Engineering team.) The changes made were in sensitive parts of the OS which required some delicate re-architecture work to avoid application compatibility issues, which took a long time to plan and develop. Then we wanted to be absolutely sure we wouldn’t break anything after changing these core pieces of the Windows architecture so this update went through rigorous testing to iron out the issues testing uncovered. Only now is it finally ready to be released.
Ruining the bad guy's day