Microsoft Vista Address Space Layout Randomization Feature

One of the features of Microsoft Vista will be Address Space Layout Randomization (ASLR). ASLR will make buffer overflow attacks much more difficult. There's also been a recent increase of MS Office 0-day exploits. Halvar Flake made the interesting connection that the increase in MS Office 0-days is due to the fact that these MS Office 0-days are going to start expiring as more people switch to Vista.

I agree with Halvar that ASLR will make buffer overflow attacks much less viable. The honeyclient system is very well-suited for detecting MS Office 0-days. Even though it will be a while before most Windows users make the switch to Vista, ASLR is not going to address certain classes of exploits. For example, the Melissa Word Macro Virus did not rely on executing a buffer overflow to compromise a host. This type of exploit is also detectable with honeyclient technology.