The linked blog entry talking about the bad code in Windows that caused the vulnerability is much more interesting: <a href="http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx" rel="nofollow">http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx</a>