Impact of Session 0 Isolation on Services and Drivers in Windows Vista
DownloadImpact of Session 0 Isolation on Services and Drivers in Windows Vista
|
Windows Vista isolates services in Session 0 and runs applications in other sessions, so services are protected from attacks that originate in application code. In Windows Server 2003 and earlier versions of Windows, all services run in Session 0 along with applications, which poses a security risk because services run at elevated privilege and therefore are targets for malicious agents who are looking for a means to elevate their own privilege level.
This paper describes changes to the way in which services are run in Windows Vista. It provides guidelines for developers to modify application services and driver services to run in Windows Vista.
Included in this white paper:
| • | Description of Session 0 isolation in Windows Vista |
| • | Implications of Session 0 isolation for services and service-hosted drivers |
| • | Which applications and drivers might be affected |
| • | Potential issues for applications and drivers |
| • | Guidelines for modifying services and service-hosted drivers to work properly on Windows Vista |
