Michael Howard's blog entry on randomization of address space layout:  http://blogs.msdn.com/michael_howard/archive/2006/05/26/608315.aspx

I personally haven't seen the internals (implementation) yet, but it should be interesting on how well it affects a malicious user's ability to successfully exploit buffer overflow conditions.  This should make exploits of this nature more difficult to conduct successful since many of them require known memory locations and offsets -- now exploit writers can't rely on these conditions to be necessarily true.

Just like how the Visual C++ /GS flag compiler protection provides limited protection against stack overruns, don't rely on the Vista protection mechanism to be your silver bullet.  As Michael points out in his entry, having this protection doesn't excuse developers from creating secure code in the first place.  And with any sort of protection mechanism (/GS, StackGuard, StackShield, etc.) the security researchers usually find a way around it.



Kevin Lam, CISSP

Senior Security Technologist

Microsoft Application Consulting & Engineering (ACE) Team