The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Apr. 14, 2015
Filed:
May. 08, 2013
Microsoft Corporation, Redmond, WA (US);
Eric St. John, Kirkland, WA (US);
Mohammad Rahim Bhojani, Bothell, WA (US);
Alok Shriram, Redmond, WA (US);
David Kean, Redmond, WA (US);
Divya Swarnkar, Redmond, WA (US);
Kumar Gaurav Khanna, Woodinville, WA (US);
Gaye Oncul Kok, Redmond, WA (US);
Jan Kotas, Redmond, WA (US);
Michael J. Rayhelson, Bellevue, WA (US);
Michael Rousos, Massillon, OH (US);
Weitao Su, Sammamish, WA (US);
Matthew Charles Cohn, Seattle, WA (US);
Zhanliang Chen, Sammamish, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
An enhanced binder provides flexibility and certainty when selecting a version of a software library to load, and an enhanced loader prevents a library version vulnerable to a security flaw from being loaded. The binder can perform unification, implicit override, and/or redirection. Implicit override searches assembly-specific locations for an implicit_version, and override the previously chosen unification or other version with the implicit_version when the implicit_version is greater. The implicit_version gets updated with the individual assembly, whereas the unification_version gets updated with the framework. Redirection may override the implicit_version. Unlike redirection, an implicit_version does not recite an explicit range and is found outside application configuration files. The implicit_version is specified implicitly by the assembly without an XML declaration. Vulnerable libraries are not loaded, based on out-of-band metadata placed in response to a list of known out-of-band assemblies, an out-of-band-servicing attribute, or a custom servicing library.