Well, that’s one way to do it. Microsoft has introduced two new Windows APIs meant for driver developers to help them create safe software for the operating system.
This, the company says, is the next step in its quest to eliminate uninitialized memory issues. More specifically, the uninitialized kernel pool memory used by developers who build hardware drivers for Windows.
Statistically speaking, these memory vulnerabilities represent as many as up to 1 in 10 of all Microsoft CVEs in recent years.
Meaning, in one sweep, the company has taken care of anywhere from 5% to 10% of all flaws in the OS.
Joe Bialek, a security engineer in the Microsoft Security Response Center (MSRC) is here with the details, and there is a lot of technical mumbo jumbo here for the casual user.
But the big takeaway is that this is part of the company’s effort to kill off memory-related bugs. These bugs have made up to 70% of all patches that the software titan shipped over the past decades, in part because Windows being primarily written in C and C++ programming languages.
Redmond is trying to shift to other platforms like Rust to rewrite some Windows components, but this is something that the company is still exploring.
In the meantime, it has opted to minimize these uninitialized kernel pool issues, and do so by implementing a solution that has as negligible an impact on performance as possible.
The answer is what the company calls pool zeroing, a technique introduced in Windows 10 version 2004 via the new Windows Kernel Pool application programming interfaces.
Result being, application and driver developers on Windows can begin using this with minimum fuss, while the end users reap the benefits of increasingly secure solutions and notably lower vulnerabilities in the operating platform.
Win-win!
