Why Blaster did not infect Windows Server 2003

I've been meaning to write about this for some time, but while pondering over my very dead laptop (it won't even get to the “Choose an OS to boot' option”, I remembered.

The code which Blaster took advantage of was in the released version of Windows 2003 :( but the worm itself did not infect Windows Server 2003 machines, here's why: the /GS flag. The buffer-overrun was detected by the -GS handling code, which caused the OS to shut the RCPSS process down. Sure, not a good thing - but a heck of a lot better than being infected by the worm. You can read more about /GS in Brandon Bray's blog http://blogs.msdn.com/branbray/archive/2003/11/11/51012.aspx.

In case you're not aware, Windows XP SP2 is also compiled with the latest 'n' greatest version of /GS.

Another cool thing in Whidbey is /GS is implicit; if you compile code using this:

cl -c mycode.cpp

You get the -GS stack-overrun detection code by default :))

If you don't want this option (why don't you want it?), then you must compile with /GS-