Defense-in-depth Protects Vista from Vulnerability



Michael Howard has the type of post only an insider could make, describing why Windows Vista isn’t affected by the MS07-004 bulletin. Basically, Microsoft’s new development tools were created with security in mind, and libraries automatically check for overflows (where an attacker tries to insert a number that’s bigger than the program is expecting). Windows XP was compiled with an earlier version of the libraries that required developers to manually check the size and range of input values… and many developers forget to check their inputs.
Applications created for the .NET Framework have always benefited from this type of protection; I’m glad to see it getting built into C++, and thus into the Windows Vista libraries.
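The manual check that developers had to remember, next to a wrapper that performs it on every call, as an added C example (not code from Microsoft or from Michael Howard's post). It assumes the overflow happens when an element count is multiplied into a byte size; `record_t`, `unchecked_bytes`, `checked_bytes` and `alloc_records` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 16-byte record, so the wrap-around is easy to follow. */
typedef struct { uint8_t data[16]; } record_t;

/* Unchecked: the product is computed modulo SIZE_MAX + 1, so a huge
 * count can wrap to a tiny byte size that is then under-allocated. */
size_t unchecked_bytes(size_t count)
{
    return count * sizeof(record_t);
}

/* Checked: reject any count whose byte size cannot be represented.
 * Returns 1 and stores the size on success, 0 on overflow. */
int checked_bytes(size_t count, size_t *out)
{
    if (count > SIZE_MAX / sizeof(record_t))
        return 0;
    *out = count * sizeof(record_t);
    return 1;
}

/* Wrapper that applies the check on every call, so callers cannot
 * forget it. Returns NULL for a zero or overflowing count. */
record_t *alloc_records(size_t count)
{
    size_t bytes;
    record_t *p;

    if (count == 0 || !checked_bytes(count, &bytes))
        return NULL;
    p = malloc(bytes);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    /* Constructed input: smallest count whose size wraps to 16 bytes. */
    size_t count = SIZE_MAX / sizeof(record_t) + 2;
    printf("unchecked size: %zu bytes\n", unchecked_bytes(count));
    printf("checked alloc:  %s\n", alloc_records(count) ? "ok" : "rejected");
    return 0;
}
```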


2 Responses to “Defense-in-depth Protects Vista from Vulnerability”

  1. Susan says:

    http://www.microsoft.com/downloads/details.aspx?familyid=052484bf-2fd4-4922-b1a9-1f0da9bc727b&displaylang=en&tm

    This update addresses the vulnerability discussed in Microsoft Security Bulletin MS07-004. To find out if other security updates are available for you, see the Overview section of this page.

    The RC is though.
