18 Better Buffer Overflow Protection Second cookie protects exception handlersSafer CRT exception handlersNo more executable pages outside imagesEnforced by better development practices and code scanning tools/NXCOMPAT linker flag in build toolsIf all binaries in a process are marked NX is automatically enabled for the processHeap protectionSigned kernel code (x64 only)
22 Suite-B Crypto Software and Smart Card Key Storage Providers Cryptographic configurationNIST ECC Prime Curves support (smart cards too)AESSHA-2IPsec support for AES and ECDHECC cipher suites in SSLEFS with smart cards
33 Changes to User Rights All rights for Power Users removed Create global objects does not have INTERACTIVESE_IMPERSONATE has added IIS_IUSRS and removed ASPNETLogon as a service is now empty by default
34 New User Rights Access credential manager as a trusted caller Change time zone user rightCreate symbolic linksModify an object labelSynchronize directory service dataIncrease a process working set.
65 What’s New In SMBv2 (in 30 seconds) Only 16 commands (80 in SMBv1)Implicit sequence number speeds up hashingSHA-256 signatures (MD-5 in SMBv1)Handles reconnections more reliablyClient-side file encryption (yay!!!)Symbolic links across shares (disabled by default)Better load balancing mitigates DOS attacks