What are the security goodies coming in Vista SP1?

Summary:As reported by Mary Jo Foley and Ed Bott, Microsoft has finally confirmed that Windows Vista SP1 actually exists and will serve as a cumulative roll-up of patches and bug fixes released over the last six months.This white paper from Microsoft, spells out the security goodies being fitted into this Vista refresh:Provides security software vendors a more secure way to communicate with Windows Security Center.

Security goodies coming in Vista SP1
As reported by Mary Jo Foley and Ed Bott, Microsoft has finally confirmed that Windows Vista SP1 actually exists and will serve as a cumulative roll-up of patches and bug fixes released over the last six months.

This white paper from Microsoft, spells out the security goodies being fitted into this Vista refresh:

  • Provides security software vendors a more secure way to communicate with Windows Security Center.
  • Includes application programming interfaces (APIs) by which third-party security and malicious software detection applications can work with kernel patch protection on x64 versions of Windows Vista. These APIs help ISVs develop software that extends the functionality of the Windows kernel on x64 computers without disabling or weakening the protection offered by kernel patch protection.
  • Improves the security of running RemoteApp programs and desktops by allowing Remote Desktop Protocol (RDP) files to be signed. Customers can differentiate user experiences based on publisher identity.
  • Adds an Elliptical Curve Cryptography (ECC) pseudo-random number generator (PRNG) to the list of available PRNGs in Windows Vista.
  • Enhances BitLocker Drive Encryption (BDE) to offer an additional multifactor authentication method that combines a key protected by the Trusted Platform Module (TPM) with a Startup key stored on a USB storage device and a user-generated personal identification number (PIN).

It's also likely (but not confirmed) that several known Vista vulnerabilities/weaknesses will be addressed in this service pack.

[ SEE: Vista voice exploit - cry wolf? ]

For example, this low-risk information disclosure hole is still unpatched, as is the Vista voice exploit discovered earlier this year.

According to the National Vulnerability Database, there are quite a few issues affecting Vista that hasn't been fully addressed by Microsoft.

Then there's the controversial User Account Control (UAC) design flaw that just might get some attention in this service pack.

Topics: Windows, Microsoft, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.