released: bug fix for win32k.sys/_SetWindowWord (local variable initialization)

[Start Me Up]

Hello Windows 2000 fans,

a while ago when WildBill was backporting security updates from Windows XP to Windows 2000 he noticed a flaw in Microsoft's implementation of the security fix in the function "_SetWindowWord". By now Microsoft released an update for Windows 2000 to fix the security problem so WildBill's backported version has been superseded. However, the flaw still exists in the newest versions of win32k.sys from Microsoft both in Windows 2000 and in Windows XP.

The flaw causes problems in some applications which try to deal with their graphical user interface. In an extreme case it can cause the bluescreen "WINLOGON_FATAL_ERROR". The flaw has a pretty small security impact.

There is an update available to fix the flaw:

WINDOWS2000-OTSKB000004-V1-X86-INTL.exe

Since the newest version from Microsoft contains the security fix already, this update fixes the flaw only. It's all that was left to do.

There is more information available about this issue and this update in the article in the knowledge database:

OTSKB.chm

The patch updates the file "win32k.sys"

• from the version "5.00.2196.0004"
• to the version "5.00.2196.0005".

Special thanks go to

• @dencorso for reporting the bluescreen "WINLOGON_FATAL_ERROR" (0xC000021A) in Windows XP and narrowing down the problem to the Windows update "Windows XP (32 bits)/KB981957" and
• @WildBill for further narrowing down the problem to the function "_SetWindowWord" and to the exact machine instruction within the function.

Edited 2 hours ago by Start Me Up