18Better Buffer Overflow Protection Second cookie protects exception handlersSafer CRT exception handlersNo more executable pages outside imagesEnforced by better development practices and code scanning tools/NXCOMPAT linker flag in build toolsIf all binaries in a process are marked NX is automatically enabled for the processHeap protectionSigned kernel code (x64 only)
22Suite-B Crypto Software and Smart Card Key Storage Providers Cryptographic configurationNIST ECC Prime Curves support (smart cards too)AESSHA-2IPsec support for AES and ECDHECC cipher suites in SSLEFS with smart cards
33Changes to User Rights All rights for Power Users removed Create global objects does not have INTERACTIVESE_IMPERSONATE has added IIS_IUSRS and removed ASPNETLogon as a service is now empty by default
34New User Rights Access credential manager as a trusted caller Change time zone user rightCreate symbolic linksModify an object labelSynchronize directory service dataIncrease a process working set.
65What’s New In SMBv2 (in 30 seconds) Only 16 commands (80 in SMBv1)Implicit sequence number speeds up hashingSHA-256 signatures (MD-5 in SMBv1)Handles reconnections more reliablyClient-side file encryption (yay!!!)Symbolic links across shares (disabled by default)Better load balancing mitigates DOS attacks