Defense-in-depth Protects Vista from Vulnerability
Michael Howard has the type of post only an insider could make, describing why Windows Vista isn’t effected by the MS007-04 bulletin. Basically, Microsoft’s new development tools were created with security in mind, and libraries automatically check for overflows (where an attacker tries to insert a number that’s bigger than the program is expecting). Windows XP was compiled with an earlier version of the libraries that required developers to manually check the size and range of input values… and many developers forget to check their inputs.
Applications created for the .NET Framework have always benefited from this type of protection; I’m glad to see it getting built into C++, and thus into the Windows Vista libraries.
Posted: January 11th, 2007 under News.
Comments: 2
Comments
Comment from Weber Ress
Time: January 11, 2007, 5:29 pm
Portuguese version this news.
http://www.weberress.com/2007/01/defesa-em-camadas-protege-windows-vista.html
Comment from Susan
Time: January 12, 2007, 12:54 am
This update addresses the vulnerability discussed in Microsoft Security Bulletin MS07-004. To find out if other security updates are available for you, see the Overview section of this page.
The RC is though.
Write a comment