New Vista security feature

[mechBgon]

If you've got Vista with Service Pack 1 or later, a new option is available that mitigates certain types of exploits. It has a rather confusing name, abbreviated SEHOP (for Structured Exception Handler Overwrite Protection). To enable SEHOP, you can either

1) click the "Fix It" button on this page at Microsoft

or

2) use the manual method further down the page that involves setting the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation to 0.

Microsoft lists these "known issues:"

After you enable SEHOP, existing versions of Cygwin, Skype, and Armadillo-protected applications may not work correctly.

Microsoft's Security Research & Defense blog has an article with a technical explaination of SEHOP, for those who want the details: http://blogs.technet.com/srd/a...writes-with-sehop.aspx

 

[FLegman]

Great new feature, thanks for the introduction.

 

[Chiefcrowe]

Thank you! i'll have to try this. Do you happen to know if this will be built in to Win7? or would we have to enable it?

 

[mechBgon]

Originally posted by: Chiefcrowe
Thank you! i'll have to try this. Do you happen to know if this will be built in to Win7? or would we have to enable it?

I'm not sure if it'll be enabled by default on Win7 or not. Either way, I think it would be helpful if they made it easy to turn on & off via the GUI, like we can with full Data Execution Prevention.