dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2228
matunga
join:2003-07-26

1 edit

1 recommendation

matunga

Member

Vista SP1 and Server 2008 include SEHOP security protection

Windows Vista Service Pack 1 and Windows Server 2008 now include support for Structured Exception Handling Overwrite Protection (SEHOP). This feature is designed to block exploits that use the Structured Exception Handler (SEH) overwrite technique. This protection mechanism is provided at run-time. Therefore, it helps protect applications regardless of whether or not they have been compiled with the latest improvements, such as /SAFESEH.

We recommend that Windows Vista users enable this feature to help increase the security profile of their systems.

By default, SEHOP is enabled in Windows Server 2008. By default, it is disabled in Windows Vista. To enable SEHOP manually, follow these steps:

1. Click Start, type regedit, and then press ENTER.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation
3. Double-click DisableExceptionChainValidation.
4. Change the value of the DisableExceptionChainValidation registry entry to 0 to enable it, and then click OK.

http://support.microsoft.com/kb/956607/en-us

Pole883
Premium Member
join:2004-01-27
Schenectady, NY

Pole883

Premium Member

Thanks!!

Never realized that....

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn to matunga

Premium Member

to matunga
Interesting... you would think that there would be an an option to enable this somewhere without a registry change?

jdong
Eat A Beaver, Save A Tree.
Premium Member
join:2002-07-09
Rochester, MI

1 edit

jdong

Premium Member

said by Dustyn:

Interesting... you would think that there would be an an option to enable this somewhere without a registry change?
There probably is a compatibility or performance drawback to enabling this option, else it would be on by default.

And oh look. matunga forgot to quote this part:
quote:
Known Issues
If you enable SEHOP, existing versions of Cygwin, Skype, and Armadillo-protected applications may not work correctly.


Cabal
Premium Member
join:2007-01-21

Cabal to matunga

Premium Member

to matunga
Turned it on, half my apps broke.

Turned it off.
Expand your moderator at work

Cudni
La Merma - Vigilado
MVM
join:2003-12-20
Someshire

Cudni to Cabal

MVM

to Cabal

Re: Vista SP1 and Server 2008 include SEHOP security protection

what apps broke and how?

Cudni