Microsoft goes the extra distance with a reported issue and the result is a patched Critical Remote Code Execution vulnerability when the original report was only an Important Information Disclosure risk.
Last week Microsoft released MS08-055 [1], patching a remote code execution vulnerability affecting the handling of onenote:// URLs in different versions of Office. What was surprising about the patch is that the vulnerability being fixed only bore a passing resemblance to the one that was notified to Microsoft in March of this year.
