Possible changes for better Windows security
Microsoft’s much-advertised efforts at greater security in Vista were tarnished when the ANI exploit hit. The exploit used a type of security hole that has been known for a long time, so questions arose about Microsoft’s neglect of this mode of attack. Ryan Naraine at ZDNet discusses Microsoft’s efforts to answer this somewhat embarrassing episode:
How did the super-critical animated cursor (.ani) vulnerability get past all the strict code review, fuzz testing and other defense-in-depth mitigations built into Windows Vista?
Michael Howard has the answer and he’s sharing it with us in a candid explanation from Microsoft on the lessons learned from the recent zero-day attacks and some planned changes to fix some warts in the SDL (Security Development Lifecycle).
The article goes on to discuss how this particular security hole was missed and what Microsoft is doing to make its security reviews even tighter.