Windows Vista Service Pack 1 and Windows Server 2008 now include support for Structured Exception Handling Overwrite Protection (SEHOP)

Article ID : 956607
Last Review : September 8, 2008
Revision : 1.0

INTRODUCTION

Windows Vista Service Pack 1 and Windows Server 2008 now include support for Structured Exception Handling Overwrite Protection (SEHOP). This feature is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique. This protection mechanism is provided at run-time. Therefore, it helps protect applications regardless of whether or not they have been compiled with the latest improvements, such as /SAFESEH. We recommend that Windows Vista users enable this feature to help increase the security profile of their systems.

MORE INFORMATION

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see the following article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

By default, SEHOP is enabled in Windows Server 2008. By default, it is disabled in Windows Vista. To enable SEHOP manually, follow these steps:

1. Click Start, click Run, type regedit, and then press ENTER.
2. Locate the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation

Note: If you cannot find the DisableExceptionChainValidation registry entry under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel subkey, follow these steps to create it:

a. Right-click kernel, point to New, and then click DWORD Value.
b. Type DisableExceptionChainValidation, and then press ENTER.
3. Double-click DisableExceptionChainValidation.
4. Change the value of the DisableExceptionChainValidation registry entry to 0 to enable SEHOP, and then click OK.

Note: The entry is a "disable" switch, so a value of 1 disables SEHOP and a value of 0 enables it.

5. Exit Registry Editor.
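
The same steps can be scripted. The following PowerShell is an added example, not part of the Knowledge Base article; the function names `Get-SehopSetting`, `Get-SehopReport` and `Enable-SehopSetting` are hypothetical, and it assumes an elevated PowerShell session. It reads the entry, reports what it means, and writes 0 only when a change is needed.

```powershell
# Added example: audit and set DisableExceptionChainValidation (run elevated).
$KernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$ValueName = 'DisableExceptionChainValidation'

function Get-SehopSetting {
    # Returns the raw DWORD, or $null when the entry does not exist.
    $item = Get-ItemProperty -Path $KernelKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Get-SehopReport {
    # Translates the raw value into the meaning given in the article.
    $v = Get-SehopSetting
    if ($null -eq $v) { return "$ValueName is absent: the operating system default applies." }
    if ($v -eq 0)     { return "$ValueName = 0: SEHOP is enabled." }
    return "$ValueName = ${v}: SEHOP is disabled."
}

function Enable-SehopSetting {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $current = Get-SehopSetting
    if ($current -eq 0) { return "No change needed. " + (Get-SehopReport) }
    if ($PSCmdlet.ShouldProcess("$KernelKey\$ValueName", 'Set DWORD to 0')) {
        # -Force creates the entry when it is missing (steps a and b)
        # and overwrites it when it holds another value (step 4).
        New-ItemProperty -Path $KernelKey -Name $ValueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
        return "Changed. " + (Get-SehopReport)
    }
}

Get-SehopReport
# Dry run: shows what would be written. Remove -WhatIf to apply the change.
Enable-SehopSetting -WhatIf
```

Running the report across a fleet before enabling the setting helps locate machines that run the applications listed under Known Issues.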

Known Issues

If you enable SEHOP, existing versions of Cygwin, Skype, and Armadillo-protected applications may not work correctly.

Note: To resolve this issue, contact the software vendor for an update.

REFERENCES

Preventing the Exploitation of SEH Overwrites

For more information about a technique that you can use to help prevent the exploitation of SEH overwrites, visit the following third-party Web site:

http://www.uninformed.org/?v=5&a=2&t=txt

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.


APPLIES TO
• Windows Server 2008 Datacenter without Hyper-V
• Windows Server 2008 Enterprise without Hyper-V
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Standard without Hyper-V
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard
• Windows Web Server 2008
• Windows Vista Service Pack 1, when used with:
    Windows Vista Enterprise 64-bit Edition
    Windows Vista Home Basic 64-bit Edition
    Windows Vista Home Premium 64-bit Edition
    Windows Vista Ultimate 64-bit Edition
    Windows Vista Business
    Windows Vista Business 64-bit Edition
    Windows Vista Enterprise
    Windows Vista Home Basic
    Windows Vista Home Premium
    Windows Vista Starter
    Windows Vista Ultimate


Microsoft Knowledge Base Article

This article's content is Microsoft copyrighted material.
Microsoft Corporation. All rights reserved.

