The Developer Implications of Windows XP SP2

From: Michael Howard (mikehow_at_MICROSOFT.COM)
Date: 11/12/03

  • Next message: 3APA3A: "Re: Alert: Microsoft Security Bulletin MS03-050 - Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)" 
    Date:         Wed, 12 Nov 2003 09:37:23 -0800
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Moving forward, Microsoft intends to reduce the attack surface of its
    products, such as turning less-often used features off, running more
    code in lower privilege, closing network ports and adding more defensive
    layers. However, this _may_ cause some applications to fail or behave
    inconsistently, but customers have told us they want us to reduce the
    attack surface of our products as it is easier to deal with potential
    application issues than potential security issues.

    Windows XP Service Pack 2, currently in development, substantially
    reduces the OS attack surface and we feel it's important that Windows
    developers are aware of some of the upcoming changes so they can
    determine if their applications are affected.

    Please take a look at _Windows XP Service Pack 2: A Developer's View_ at
    http://msdn.microsoft.com/library/en-us/dnwxp/html/securityinxpsp2.asp
    for further information.

    Cheers, Michael

    [Writing Secure Code 2nd Edition]
    http://www.microsoft.com/mspress/books/5957.asp
    [Protect Your PC] http://www.microsoft.com/protect
    [Blog] http://blogs.gotdotnet.com/mikehow 

    ----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----
  • Next message: 3APA3A: "Re: Alert: Microsoft Security Bulletin MS03-050 - Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)"

    Relevant Pages

    • RE: [fw-wiz] Worms, Air Gaps and Responsibility
      ... > security issues, its about total attack surface. ... > capita attack surface on Windows OSs continues to decrease ... > while the Linux systems seem to stay about the same. ...
      (Firewall-Wizards)
    • The Developer Implications of Windows XP SP2
      ... Microsoft intends to reduce the attack surface of its ... application issues than potential security issues. ... reduces the OS attack surface and we feel it's important that Windows ... Please take a look at _Windows XP Service Pack 2: ...
      (Bugtraq)