What are the security goodies coming in Vista SP1?

What are the security goodies coming in Vista SP1?

Summary: As reported by Mary Jo Foley and Ed Bott, Microsoft has finally confirmed that Windows Vista SP1 actually exists and will serve as a cumulative roll-up of patches and bug fixes released over the last six months.This white paper from Microsoft, spells out the security goodies being fitted into this Vista refresh:Provides security software vendors a more secure way to communicate with Windows Security Center.

SHARE:
2

Security goodies coming in Vista SP1 As reported by Mary Jo Foley and Ed Bott, Microsoft has finally confirmed that Windows Vista SP1 actually exists and will serve as a cumulative roll-up of patches and bug fixes released over the last six months.

This white paper from Microsoft, spells out the security goodies being fitted into this Vista refresh:

  • Provides security software vendors a more secure way to communicate with Windows Security Center.
  • Includes application programming interfaces (APIs) by which third-party security and malicious software detection applications can work with kernel patch protection on x64 versions of Windows Vista. These APIs help ISVs develop software that extends the functionality of the Windows kernel on x64 computers without disabling or weakening the protection offered by kernel patch protection.
  • Improves the security of running RemoteApp programs and desktops by allowing Remote Desktop Protocol (RDP) files to be signed. Customers can differentiate user experiences based on publisher identity.
  • Adds an Elliptical Curve Cryptography (ECC) pseudo-random number generator (PRNG) to the list of available PRNGs in Windows Vista.
  • Enhances BitLocker Drive Encryption (BDE) to offer an additional multifactor authentication method that combines a key protected by the Trusted Platform Module (TPM) with a Startup key stored on a USB storage device and a user-generated personal identification number (PIN).

It's also likely (but not confirmed) that several known Vista vulnerabilities/weaknesses will be addressed in this service pack.

[ SEE: Vista voice exploit - cry wolf? ]

For example, this low-risk information disclosure hole is still unpatched, as is the Vista voice exploit discovered earlier this year.

According to the National Vulnerability Database, there are quite a few issues affecting Vista that hasn't been fully addressed by Microsoft.

Then there's the controversial User Account Control (UAC) design flaw that just might get some attention in this service pack.

Topics: Windows, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Who's crying wolf?

    http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=29845&messageID=555801&start=-9991
    georgeou
  • So Ryan, why aren't you calling this a Microsoft MEGA PATCH?

    After seeing the last couple Apple updates termed
    "Mega Patches" by you anti-Apple writers, I just
    wanted to see how you would refer to Microsoft's latest
    security release.

    Would you term it the "Mother of all Patches", "Mega
    Mega Patch", "Super Uber Patch", or would you try to
    gloss over the latest security update for Microsoft's
    latest OS flop? Seems the latter is the case.

    I'm not so much stuck in Apple's corner (I think Steve
    Jobs is an arrogant prick) but I just like to see writers
    be objective in describing like issues. Its obvious that
    when Apple releases a patch its "Mega" but when
    Microsoft releases a patch that really takes on the
    Mega descripton its just termed "the latest security
    goodies."
    usc1801