Microsoft stamps out XP buffer overflows

by Cyclop08 on September 9th, 2001

Microsoft has said it has stamped out buffer overflows with the upcoming release of Windows XP. Jim Allchin, vice president, claimed the company has done a complete code review of its operating system and removed all buffers which could overflow.

Deliberate buffer overflows have become a common method of attack for hackers who send extra data containing code to trigger certain actions.

The Code Red worm exploited a buffer overflow flaw in the indexing service DLL of Microsoft's IIS web server. The server, which uses beta versions of Windows XP, was among those vulnerable to Code Red buffer overflows.

But developers have questioned whether it is possible to remove all buffer overflows as not all are easily visible, especially in a complex operating system such as Windows XP.

Jon Collins, head of research at Sundial Consultancy, questioned the wisdom of such a definite statement by Microsoft. "It is a surprisingly definite announcement, similar to saying that the company has tested 100 per cent of its code," he said.

"XP is essentially a merger of NT and 95 in root forms, and both systems don't withstand change well. They need a clean install to operate efficiently. If Microsoft has done it, it's a great achievement," he added.
