Ginger & Photon

[This was originally published on the OSVDB blog.]

Recently at the CanSec West conference, Window Snyder from Microsoft gave a talk about Windows XP SP2 security internals. Looking past a bulk of the talk, one portion of it stuck out in the minds of many vulnerability researchers. Unfortunately, the press has only given it a small blurb in the various articles so far.


Moreover, the company found and fixed two classes of vulnerabilities that have not been discovered elsewhere, she said.

“These are entire classes of vulnerabilities that I haven’t seen externally,” Snyder said. “When they found these, (the developers) went on a mission, found them in all parts of the system, and got rid of them.”

Snyder remained mum on the details, however, even giving the families of vulnerabilities fake code names: “Ginger” and “Photon.”

Two entire classes of vulnerabilities discovered and fixed, that have never been seen externally? This seems a bit difficult to believe to me. I recall over the last few years during various conversations and email discussions where I challenged someone to name the last class of vulnerabilities that surfaced. Not counting these, I believe it has been years?

Anyone have fun speculation regarding what Ginger and Photon might be? Could they be found nowhere else because they are native to Microsoft/Windows? Could it be a big PR gig to further promote trustworthy computing?

Leave a Reply