1. Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux

2. Agenda Windows XP Service Pack 2 Overview Developer Implications Implications on the MSJVM

3. Security Patches proliferating Time to exploit decreasing Exploits are more sophisticated Current approach is not sufficient Security is our #1 Priority There is no silver bullet Change requires innovation 151 180 331 Blaster Welchia/ Nachi Nimda 25 SQL Slammer Days between patch and exploit Background Responding to the Crisis 18 Sasser

4. Sasser W32.Sasser.Worm Patch: April 13 Warning: April 22 First sighting: April 30 Published 1 st May 2004 Attacks Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 on April 13, 2004. If you cannot patch, Firewall can protect you! http:// www.microsoft.com/security/incident/sasser.asp

5. What is a Service Pack? Updates and fixes to recognized issues and release them for customers. On a regular basis, we combine many of these fixes into a single package and make the package available for install on computers. These packages are called Service Packs. What is Windows XP Service Pack 2? All the usual stuff (hotfixes, patches). A set of new security features and defaults. Why release Windows XP Service Pack 2? Microsoft continually works to improve its software. Increase the security resiliency of Windows XP Make attackers work harder Reduce the damage of worms and viruses even if updates are not installed Windows XP Service Pack 2

6. Overview of XP SP2 Protection Memory Provide system-level protection for the base operating system Network Help protect the system from directed attacks from the network Email/IM Enable safer Email and Instant Messaging experience Web Enable safer Internet experience for most common Internet tasks

7. Internet Connection Firewall Goal and Customer Benefit Provide better protection from network attacks by default Focus on roaming systems, small business, home users What We’re Doing Will be on by default in almost all configurations More configuration options Group policy, command line, unattended setup, Better user interface Boot time protection Multiple profile support Connected to corporate network vs. home Enable file sharing on home networks with WF on Developer Impact In-bound network connections not permitted by default Dynamically enable ports as necessary, but only for as long as necessary, disable when done Memory Network Email/IM Web Windows Firewall

8. DCOM and RPC changes Goal and Customer Benefit Reducing DCOM / RPC attack surface exposed on network What We’re Doing Require authentication on default interfaces Enable programmatic ability to restrict RPC interfaces to local machine only Configuration of access and launch permissions for DCOM through registry Move most RPCSS code into reduced privilege process Enable customer-controlled option to require authentication to the end-point mapper Disable RPC over UDP by default Developer Impact Where appropriate, use new RPC API to limit calls to local machine Ensure your application doesn’t require anonymous clients Don’t use RPC over UDP Network Memory Email/IM Web

9. Email Attachments Goal and Customer Benefit Consistent system-provided mechanism for applications to determine unsafe attachments Consistent user experience for attachment “trust” decisions What We’re Doing Create new public API for handling safe attachments (Attachment Execution Services) Default to not trust unsafe attachments Outlook, Outlook Express, Windows Messenger, Internet Explorer changed to use new API Open / execute attachments with least privilege possible Safer message “preview” Replaces AssocIsSafe() Developer Impact Use new API in your applications for better user experience, and better determination of safe content Memory Network Email/IM Web

10. Web Browsing Goal and Customer Benefit Ensure a safer web browsing experience What We’re Doing Locking down local machine and local intranet zones Improved notifications for running or installing applications and ActiveX controls HTML files on the local machine will not be able to script unsafe ActiveX controls or access data across domains in the Local Machine Security Zone Blocking unknown, unsigned ActiveX controls Disarm cross domain script attacks on APIs Improved detection and handling of downloaded files through improvements to mime-handling code path Files served with mismatched or missing mime-headers and file extensions may be blocked Memory Network Email/IM Web

11. Web Browsing (cont’d) What We’re Doing (continued)  Mitigate ActiveX reuse through potential limited control leasing and more guided user experience  Limit UI spoofing  Pop-up windows will be suppressed unless they are initiated by user action Developer Impact Check for web application compatibility with newer, safer browsing defaults Identify whether controls are safe for scripting on the Internet, or if they can be more restricted Memory Network Email/IM Web

12. Hardware Execution Protection Goal and Customer Benefit  Reduce exposure of some buffer overruns What We’re Doing  Leverage hardware support in 64-bit and newer 32-bit processors to only permit execution of code in memory regions specifically marked as execute  Reduces exploitability of buffer overruns  Enable by default on all capable machines for Windows binaries  Ensure application compatibility with NX for Longhorn Developer Impact Ensure your code doesn’t execute code in a data segment Ensure your code runs in PAE mode with <4GB RAM Use VirtualAlloc with PAGE_EXECUTE to allocated memory as executable Test your code on 64-bit and 32-bit processors with “Execution protection” Memory Network Email/IM Web

13. Service Pack 2 Call To Action Write secure code! Michael Howard’s book Test your applications on Windows XP Service Pack 2, and send feedback Ensure your applications work with a host firewall enabled Test your code with non-executable memory on 64-bit or capable 32-bit processors For more information http://msdn.microsoft.com/security

14. Microsoft VM Situation Settlement Overview Microsoft was allowed to modify the JVM for security and critical customer problems for a limited time Microsoft is allowed to modify the JVM for security issues until Dec 31, 2007 This includes security problems Implications If a security vulnerability occurs in the MSJVM after Dec 31 2007, we will have no ability to provide a security update Developers need to check for dependencies now

15. Overview of MS VM Transition Guidance Deliver guidance to developers on the transition process and how to approach it Options Identify the options available for developers to transition applications Tools Provide tools and support to mechanically assist developers in transitioning and planning Assistance Assist our customers in completing the transition successfully

16. Transition Options Developers have many options General Options IE trusted zone lockdown 3rd party JRE replacement For your code and websites Retire application by 2007.NET migration Other rendering technologies For 3 rd Party sites, applications or components ISV product service pack or upgrade Microsoft product service pack or upgrade If you don’t use the MSJVM Desktop MSJVM removal You can always do nothing but we recommend that you don’t take this option Guidance Options Tools Assistance

17. Transition Tools Various tools available Deployment Group policy settings for IE lockdown with trusted zones MSJVM removal tool SMS and SUS for deployment and upgrades Analysis Microsoft diagnostic tool for the MSJVM.NET migration Visual C# - Java Language Conversion Assistant (JLCA) Visual J# - J# Browser Controls Additional assistance Webcasts ISV product transition inventory Microsoft product transition inventory Guidance Options Tools Assistance

18. Transition Assistance Assistance available from Microsoft Microsoft MSJVM Transition Guide Business technology reviews to assist in identifying dependencies and migration options Free PSS incident support for transition tools and MSJVM migration to.NET Supported public newsgroups Other assistance available Case study examples on migration Prepared service consultants and partners (fee- based) Additional information on http://www.microsoft.com/java Guidance Options Tools Assistance

19. Transition Guidance Microsoft recommends Assess your situation in all environments Review the available materials at http://www.microsoft.com/Java Assist your customers in determining the best solution(s) to meet their requirements Begin the process sooner rather than later * Microsoft does not recommend customers run the Microsoft Java VM or have applications deployed that depend on the MSJVM. Guidance Options Tools Assistance

20. Summary – Call To Action Everyone Write secure code Get involved! For Windows XP SP2 Test your applications on Windows XP Service Pack 2, and send feedback Ensure your applications work with a host firewall enabled Test your code with non-executable memory on 64-bit or capable 32-bit processors For the Microsoft Virtual Machine Assess your situation in all environments Awareness - Review the available materials at http://www.microsoft.com/Java Planning - Determine the best solution(s) that meet your companies requirements Transition – Begin the process sooner rather than later.

21. © 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.