Windows 8 and 10 have an ASLR flaw
Written by Wayne   
Monday, 20 November 2017 16:54
A new security bug has been discovered in Windows 8 and above which makes ASLR useless. The bug was discovered by a security researcher named Will Dormann. He explained the issue in a detailed post on CERT:

Both EMET and Windows Defender Exploit Guard enable system-wide ASLR without also enabling system-wide bottom-up ASLR. Although Windows Defender Exploit guard does have a system-wide option for system-wide bottom-up-ASLR, the default GUI value of “On by default” does not reflect the underlying registry value (unset). This causes programs without /DYNAMICBASE to get relocated, but without any entropy. The result of this is that such programs will be relocated but to the same address every time across reboots and even across different systems.

For those who don’t know, ASLR (Address Space Layout Randomization) is a feature that Microsoft first implemented in Windows Vista to help prevent code-reuse attacks. ASLR loads code at random memory addresses, but in Windows 8, Windows 8.1 and Windows 10 the feature is not always applied properly. In Windows 8, 8.1 and Windows 10, ASLR is not using random memory addresses, essentially rendering it useless...

More details and a fix can be found on OUR FORUM.