NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0391 Microsoft Adds New Security APIs to VISTA and
XP:
Microsoft has added new security-related APIs to upcoming
service packs for Windows VISTA and XP to expand the use of the anti-exploit
technology dubbed Data Execution Prevention (DEP). The new APIs will be
included with VISTA Service Pack 1, Windows XP Service Pack 3, and the brand-new
Windows 2008 when those operating systems ship. DEP, which also goes by NX - for
No eXecute - was introduced by Microsoft in Windows XP SP2 and expanded in VISTA
and Server 2008. It's designed to stop some kinds of exploits - buffer
overflow attacks primarily - by blocking code from executing in memory
that's supposed to contain only data. The new APIs can be used by
developers working with the older ATL to enable DEP at runtime, or when the
application actually launches. Previously, those programmers were forced to
decide ahead of time whether their software would try to protect itself using
DEP. Microsoft has slated VISTA SP1 for release this quarter, though
speculation has mounted that it will appear within a matter of weeks. Windows
XP SP3 is scheduled to ship sometime in the first half of the year, while
Windows Server 2008 has been tagged with a late-February launch date.
(ComputerWorld 31JAN08)