US CERT issues warning on ASLR vulnerability in Windows

Haythem Elmir

US CERT has issued a warning on a vulnerability in Windows’ Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10 which could an attacker to take control of an affected system.

CERT’s Will Dormann wrote in Vulnerability Note #817544 that both the Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard without also enabling system-wide bottom-up ASLR. ASLR is designed to prevent code-reuse attacks by loading modules in non-predictable addresses, however, the default setting for Windows Defender Exploit Guard GUI is « On by default » and does not reflect the underlying registry value (unset) resulting in programs being relocated to the same address even if the computer is rebooted.

“Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier,” Dormann wrote.
To read the original article:

Laisser un commentaire

Next Post

Biggest Cybersecurity Threats for 2018

IBM recently announced the shocking average cost of data breach. While down around 10 percent, the global average for a data breach is $3.62 million. For many companies, the cost of suffering a cyberattack is enough to take the business down entirely, so it has never been more vital for […]