The 64-bit editions of Windows Server offer the following enhanced security features:

• Buffer overflow protection

  A buffer overflow occurs when a data buffer is congested with more data than it is designed to handle. In 64-bit editions of Windows Server, the first parameters of a procedure call are passed in registers. As a result, it is less likely that the buffer will overflow, because the correct values have to be set up in registers and the variables and addresses have to be aligned on the stack.

• Data execution protection

  The 64-bit processors made by AMD and Intel include hardware support for data execution prevention (DEP). Windows Server uses DEP to prevent malicious code from being able to execute, even when a buffer overrun occurs. Even without a processor that supports DEP, Windows Server can detect code that is running in memory locations where it should not be.

• Patch Guard

  Microsoft Patch Guard technology prevents non-Microsoft programs from patching the Windows kernel. This technology prevents kernel mode drivers from extending or replacing kernel services, including system service dispatch tables, the interrupt descriptor table (IDT), and the global descriptor table (GDT). Third-party software is also prevented from allocating kernel stacks or patching any part of the kernel.