FireEye researchers say protocol standards must be strictly enforced
Windows 8 has been officially released, but regular users are not the only ones who can’t wait to check it out. Researchers are looking forward to seeing just how secure the latest Microsoft operating system really is.
Experts from security firm FireEye have highlighted the fact that many of the vulnerabilities present in previous Windows versions were a result of “developers overlooking the proper implementation of protocol standards.”
For instance, researchers have underscored the fact that the Windows 7 and Windows 2008 zero-day uncovered back in February 2011 existed because engineers did not enforce a protocol specification which dictated that server names must be 16 bytes or less in length.
Furthermore, there were at least six other vulnerabilities that could have been avoided if protocol standards had been strictly enforced.
“Hopefully in Windows 8, unlike in previous versions of Windows, the security team has ensured that the conditions specified by the protocol specifications are properly enforced, thus making Windows 8 immune to such exploitation,” FireEye experts noted.
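The kind of enforcement the researchers describe, as an added example that is not code from FireEye or Microsoft: a C parser that applies the 16-byte server-name limit before the field is copied. The packet layout, the names `parse_announcement` and `struct announcement`, and counting the terminator toward the limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Limit quoted in the article: server names must be 16 bytes or less. */
#define MAX_SERVER_NAME 16

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_NAME_TOO_LONG };

/* Hypothetical parsed form; the buffer is sized from the spec limit. */
struct announcement {
    unsigned char opcode;
    char server_name[MAX_SERVER_NAME];
};

/* Constructed wire layout (an assumption, not a real protocol): byte 0 is
 * an opcode, followed by a NUL-terminated server name. Assumption: the
 * terminator counts toward the 16-byte limit. */
enum parse_status parse_announcement(const unsigned char *pkt, size_t len,
                                     struct announcement *out)
{
    if (pkt == NULL || out == NULL || len < 2)
        return PARSE_TRUNCATED;

    const unsigned char *name = pkt + 1;
    size_t avail = len - 1;
    /* Never look past the received bytes or past the spec limit. */
    size_t scan = avail < MAX_SERVER_NAME ? avail : MAX_SERVER_NAME;
    const unsigned char *nul = memchr(name, '\0', scan);
    if (nul == NULL)  /* over the limit, or the packet was cut short */
        return avail >= MAX_SERVER_NAME ? PARSE_NAME_TOO_LONG : PARSE_TRUNCATED;

    /* Reject rather than truncate; only now is the copy length trusted. */
    size_t name_len = (size_t)(nul - name) + 1;
    out->opcode = pkt[0];
    memset(out->server_name, 0, sizeof out->server_name);
    memcpy(out->server_name, name, name_len);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed packets: a valid name and a 20-byte unterminated name. */
    const unsigned char good[] = {0x08, 'S', 'R', 'V', '1', 0};
    unsigned char bad[21];
    struct announcement a;
    memset(bad, 'A', sizeof bad);
    printf("good -> %d\n", parse_announcement(good, sizeof good, &a));
    printf("bad  -> %d\n", parse_announcement(bad, sizeof bad, &a));
    return 0;
}
```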