I’ve recently found a very nonobvious solution for a Microsoft CryptoAPI issue. Because of a read-only flag on the (seemingly unrelated) CREDHIST file, the whole CryptoAPI stack was wildly misbehaving, from CryptAcquireContext() upwards. For the greater common good, I’d like to see this documented in MS KB, where it belongs.
From my past exploits around the MS KB I know that strangers aren’t supposed to submit articles; only MS employees and contractors do. So I’m looking for a MS-affiliated sponsor who’d submit the article on my behalf. The credit does not matter; articles are anonymous anyway.
Full write-up here:
http://social.msdn.microsoft.com/Forums/en/windowssecurity/thread/11b08625-b432-4667-ab82-a7e0ed008fc3
Try submitting the relevant comments, writeup, etc. via the “Send comments about this topic to Microsoft” link from a top-level CryptoAPI MSDN page (which just generates an email).
EDIT: If you’re a TechNet subscriber, you have two free incidents you can use to contact Microsoft about this. You’ll also get guaranteed forum replies from Microsoft with a subscription. If you don’t subscribe, you can pay some money for a one-time incident. Or, if you can phrase it as a Vista SP1 issue, you might be able to get some attention for free.