I’ve been meaning to write about this for some time, but while pondering over my very dead laptop (it won’t even get to the “Choose an OS to boot” option), I remembered.
The code which Blaster took advantage of was in the released version of Windows 2003 🙁 but the worm itself did not infect Windows Server 2003 machines. Here’s why: the /GS flag. The buffer overrun was detected by the -GS handling code, which caused the OS to shut the RPCSS process down. Sure, not a good thing – but a heck of a lot better than being infected by the worm. You can read more about /GS in Brandon Bray’s blog: http://blogs.msdn.com/branbray/archive/2003/11/11/51012.aspx
In case you’re not aware, Windows XP SP2 is also compiled with the latest ‘n’ greatest version of /GS.
Another cool thing in Whidbey is that /GS is implicit; if you compile code using this:
cl -c mycode.cpp
You get the -GS stack-overrun detection code by default :))
If you don’t want this option (why don’t you want it?), then you must compile with /GS-.
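To make the overrun detection described above concrete, here is an added example (not code from this post or from the compiler) that models the idea in portable C: a cookie sits between a local buffer and the saved return address, and is checked before the function returns. The struct layout, the cookie value, the address and the function name guarded_copy are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a /GS-protected stack frame: a cookie sits between
   the local buffer and the saved return address. Layout is illustrative. */
struct frame {
    char      buf[16];      /* local buffer the function copies into */
    uintptr_t cookie;       /* copy of the process-wide cookie */
    uintptr_t return_addr;  /* stands in for the saved return address */
};

/* Constructed value; a real cookie is chosen at process start. */
static const uintptr_t process_cookie = 0x5EC0FFEEu;

enum outcome { RETURNED_NORMALLY, OVERRUN_DETECTED };

/* Hypothetical function with an unchecked copy, plus the modelled checks. */
enum outcome guarded_copy(const unsigned char *input, size_t len)
{
    struct frame f;
    f.return_addr = 0x00401000u;   /* constructed "legitimate" address */
    f.cookie = process_cookie;     /* on entry: place the cookie */

    /* The bug being modelled: len is never compared with sizeof f.buf.
       It is clamped to the model frame only so the demo stays in bounds. */
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);

    /* Before returning: a changed cookie means the buffer was overrun,
       so the (possibly overwritten) return address is never used. */
    if (f.cookie != process_cookie)
        return OVERRUN_DETECTED;   /* the real check ends the process here */
    return RETURNED_NORMALLY;
}

int main(void)
{
    unsigned char input[sizeof(struct frame)];
    memset(input, 'A', sizeof input);          /* constructed input */
    printf("fits in buffer: %d\n", guarded_copy(input, 16));
    printf("overruns buffer: %d\n", guarded_copy(input, sizeof input));
    return 0;
}
```

Even a one-byte overrun changes the cookie before it can reach the return address, which is why the check fails closed: the process stops instead of returning to an overwritten address.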