Categories

Vista Clues provides Windows Vista help, tips, downloads, and news. If you have a question or tip for Tony, send me an e-mail at qa@vistaclues.com

Site search

Main menu:

Archive

Defense-in-depth Protects Vista from Vulnerability

Michael Howard has the type of post only an insider could make, describing why Windows Vista isn’t effected by the MS007-04 bulletin. Basically, Microsoft’s new development tools were created with security in mind, and libraries automatically check for overflows (where an attacker tries to insert a number that’s bigger than the program is expecting). Windows XP was compiled with an earlier version of the libraries that required developers to manually check the size and range of input values… and many developers forget to check their inputs.
Applications created for the .NET Framework have always benefited from this type of protection; I’m glad to see it getting built into C++, and thus into the Windows Vista libraries.

For more information, read the Windows Vista Resource Kit (co-authored by your very own Tony Northrup). Got a question for Tony? Send an e-mail to qa@vistaclues.com.

del.icio.us:Defense-in-depth Protects Vista from Vulnerability digg:Defense-in-depth Protects Vista from Vulnerability spurl:Defense-in-depth Protects Vista from Vulnerability furl:Defense-in-depth Protects Vista from Vulnerability fark:Defense-in-depth Protects Vista from Vulnerability blogmarks:Defense-in-depth Protects Vista from Vulnerability Y!:Defense-in-depth Protects Vista from Vulnerability magnolia:Defense-in-depth Protects Vista from Vulnerability

Comments

Comment from Weber Ress
Time: January 11, 2007, 5:29 pm

Portuguese version this news.

http://www.weberress.com/2007/01/defesa-em-camadas-protege-windows-vista.html

Comment from Susan
Time: January 12, 2007, 12:54 am

http://www.microsoft.com/downloads/details.aspx?familyid=052484bf-2fd4-4922-b1a9-1f0da9bc727b&displaylang=en&tm

This update addresses the vulnerability discussed in Microsoft Security Bulletin MS07-004. To find out if other security updates are available for you, see the Overview section of this page.

The RC is though.

Write a comment