Security weaknesses, that were discovered last summer within Adobe Flash player, Acrobat and Acrobat Reader, under Windows, MacOS or Linux, give us the occasion to remind to all the Windows applications’ developpers, that each new Visual Studio version offers new protections enabling to reduce these security defaults. It is then necessary for us to use them throughout our developpements:

• Compiling with /GS : enables to check the corruptions of the stack as weel as the stack overflows and stops the software execution if this type of problem is detected. For Visual 2005 SP1 and sup., it’s good to add a #pragma strict_gs_check(on) to further improve the detection of the stack’s corruptions.
• Linker with /SafeSEH : enables the protection of the exception handlers, if ever a malicious software would replace a code of exception handlers in order to be executed when the application crashes.
• Linker with /DYNAMICBASE (from version 8.00.50727.161 of the linker) : prevents the DLL, that are charged by an application, from always being at the same RAM address (which is reproached to Adobe).

Among the best practices to implement, we can cite the DEP (Data Execution Prevention) which prevents the execution of code whithin data segments, but it requires to take some precautions if the compatibility with Windows XP has to be maintained.

We advise you to read the article "Windows ISV Software Security Defense" (http://msdn.microsoft.com/en-us/library/bb430720.aspx# ) which details the implementations of all these protections.

And for those of you who are particularly interested, we advise the following blog "Security Research & Defense" de Microsoft : http://blogs.technet.com/b/srd/.