Many customers do not or cannot roll out security updates as soon as they become available, but still need to be protected against the risks that they mitigate. Each security bulletin that Microsoft delivers includes information that customers can use to help mitigate risk while they deploy the update. However, Microsoft is delivering other security technologies that provide additional mitigation when a security update cannot be deployed immediately. These security technologies cover the following areas:
Network protection
These security technologies help to provide better protection against network-based attacks, like MSBlaster, through a number of innovations, including enhancements to Internet Connection Firewall (ICF). The enhancements include turning on ICF in default installations of Service Pack 2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when ICF is on, and enhancing enterprise administration of ICF through Group Policy. The attack surface of the Remote Procedure Call (RPC) service is reduced, and you can run RPC objects with reduced credentials. The Distributed Component Object Model (DCOM) infrastructure also has additional access control restrictions to reduce the risk of a successful network attack.
Memory protection
Some attacks by malicious software leverage software security vulnerabilities that allow too much data to be copied into areas of the computer’s memory. These vulnerabilities are typically referred to as buffer overruns. Although no single technique can completely eliminate this type of vulnerability, Microsoft is employing a number of security technologies to mitigate these attacks from different angles. First, core Windows components have been recompiled with the most recent version of our compiler technology. Additionally, Microsoft is working with microprocessor companies to help Windows support hardware-enforced “no execute” (also known as NX) restrictions on microprocessors that contain the feature. NX uses the CPU itself to enforce the separation of application code and data, preventing an application or Windows component from executing program code that an attacking worm or virus inserted into a portion of memory marked for data only.
Safer e-mail handling
Security technologies help to stop viruses (such as SoBig.F) that spread through e-mail and instant messaging. These technologies include default settings that are more secure, improved attachment control for Outlook Express and Windows Messenger, and increased Outlook Express security and reliability. As a result, potentially unsafe attachments that are sent through e-mail and instant messages are isolated so that they cannot affect other parts of the system.
More secure browsing
Security technologies that are delivered in Microsoft Internet Explorer provide improved protection against malicious content on the Web. Enhancements include locking down the Local Machine zone to prevent malicious scripts from running and fortifying the browser against harmful Web downloads. Additionally, better user controls and user interfaces are provided that help prevent malicious ActiveX® controls and spyware from running on customers’ systems without their knowledge and consent.
Improved computer maintenance
A very important part of any security plan is keeping computers updated with the latest software and updates. You must also ensure that you have current knowledge of security attacks and trends. For example, software updates that mitigate many viruses and worms existed before any significant attacks began. Numerous technologies are being added to help improve computer maintenance. These technologies include Security Center, which provides a central location for information about the security of your computer, and Windows Installer, which provides more security options for software installation.