diff --git a/src/compat.h b/src/compat.h
--- a/src/compat.h
+++ b/src/compat.h
@@ -64,6 +64,15 @@
 #else
 #define MAX_PATH 1024
 #endif
+#ifdef _MSC_VER
+#if !defined(ssize_t)
+#ifdef _WIN64
+typedef int64_t ssize_t;
+#else
+typedef int32_t ssize_t;
+#endif
+#endif
+#endif
 
 #if HAVE_DECL_STRNLEN == 0
 size_t strnlen(const char *start, size_t max_len);
diff --git a/src/random.h b/src/random.h
--- a/src/random.h
+++ b/src/random.h
@@ -241,7 +241,7 @@
  * sure that the underlying OS APIs for all platforms support the number.
  * (many cap out at 256 bytes).
  */
-static const ssize_t NUM_OS_RANDOM_BYTES = 32;
+static const int NUM_OS_RANDOM_BYTES = 32;
 
 /**
  * Get 32 bytes of system entropy. Do not use this in application code: use
diff --git a/src/support/cleanse.cpp b/src/support/cleanse.cpp
--- a/src/support/cleanse.cpp
+++ b/src/support/cleanse.cpp
@@ -7,6 +7,10 @@
 
 #include <cstring>
 
+#if defined(_MSC_VER)
+#include <Windows.h> // For SecureZeroMemory.
+#endif
+
 /**
  * Compilers have a bad habit of removing "superfluous" memset calls that
  * are trying to zero memory. For example, when memset()ing a buffer and
@@ -34,7 +38,7 @@
      * to detect memset_s, it would be better to use that.
      */
 #if defined(_MSC_VER)
-    __asm;
+    SecureZeroMemory(ptr, len);
 #else
     __asm__ __volatile__("" : : "r"(ptr) : "memory");
 #endif