Hi all,
I've recently found a very nonobvious solution for a Microsoft CryptoAPI issue. Because of a read-only flag on the (seemingly unrelated) CREDHIST file, the whole CryptoAPI stack was wildly misbehaving, from CryptAcquireContext() upwards. For the greater common good, I'd like to see this documented in MS KB, where it belongs.
From my past exploits around the MS KB I know that strangers aren't supposed to submit articles; only MS employees and contractors do. So I'm looking for a MS-affiliated sponsor who'd submit the article on my behalf. The credit does not matter; articles are anonymous anyway.
Full write-up here: http://social.msdn.microsoft.com/Forums/en/windowssecurity/thread/11b08625-b432-4667-ab82-a7e0ed008fc3