There is no way Microsoft can patch that, but the problem is still there.
Also back to the PathCombine example. When the third party executable was compiled, the Windows SDK would have defined PathCombine to take a string the size of 260 (or whatever value MAX_PATH was at the time it was compiled).
If Microsoft did patch the call and then returned more than 260, it would just crash the calling third party executable, as it would only be expecting at most 260 characters.
In effect, Microsoft would have re-defined the static PathCombine API signature at runtime, making it some sort of dynamic signature.
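The contract problem described above, as an added example that is not part of the original comment: a portable C model, not the Windows API. The names `combine_fixed`, `combine_sized`, `demo` and `LEGACY_MAX_PATH` are hypothetical; the sized variant has the shape of Windows' later `PathCchCombine`, where the caller passes its buffer capacity.

```c
#include <stdio.h>
#include <string.h>

#define LEGACY_MAX_PATH 260 /* limit baked into the caller when it was compiled */

/* Fixed contract: no size parameter, so the callee can only assume the
 * destination holds LEGACY_MAX_PATH chars and must refuse anything longer. */
int combine_fixed(char *dest, const char *dir, const char *file)
{
    size_t need = strlen(dir) + 1 + strlen(file) + 1; /* separator and NUL */
    if (need > LEGACY_MAX_PATH) {
        dest[0] = '\0';
        return -1;
    }
    snprintf(dest, LEGACY_MAX_PATH, "%s\\%s", dir, file);
    return 0;
}

/* Sized contract: the caller states its capacity, so longer results are
 * available only to callers that opt in with a bigger buffer. */
int combine_sized(char *dest, size_t cap, const char *dir, const char *file)
{
    size_t need = strlen(dir) + 1 + strlen(file) + 1;
    if (cap == 0) return -1;
    if (need > cap) {
        dest[0] = '\0';
        return -1;
    }
    snprintf(dest, cap, "%s\\%s", dir, file);
    return 0;
}

/* Constructed input: a directory name of dir_len characters plus "f.txt". */
int demo(size_t dir_len, size_t cap, int use_sized)
{
    char dir[1024], out[1024];
    if (dir_len >= sizeof dir || cap > sizeof out) return -2;
    memset(dir, 'a', dir_len);
    dir[dir_len] = '\0';
    return use_sized ? combine_sized(out, cap, dir, "f.txt")
                     : combine_fixed(out, dir, "f.txt");
}

int main(void)
{
    printf("fixed, 300-char dir: %d\n", demo(300, LEGACY_MAX_PATH, 0));
    printf("sized, 300-char dir, cap 1024: %d\n", demo(300, 1024, 1));
    return 0;
}
```

The fixed variant has no way to learn that a caller's buffer grew, which is why lifting the limit needs a new entry point rather than a runtime patch to the old one.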