Windows 10 News and info | Forum
October 18, 2018, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Windows 8 and 10 have an ASLR flaw, here’s how you can fix it  (Read 308 times)
javajolt
Administrator
Hero Member
*****
Online Online

Gender: Male
United States United States

Posts: 29056


I Do Windows


WWW Email
« on: November 20, 2017, 06:59:34 PM »
ReplyReply

A new security bug has been discovered on Windows 8 and above which makes ASLR useless. The bug was discovered by a security researcher named Will Dormann. He explained the issue in a detailed post on CERT:

Quote
Both EMET and Windows Defender Exploit Guard enable system-wide ASLR without also enabling system-wide bottom-up ASLR. Although Windows Defender Exploit guard does have a system-wide option for system-wide bottom-up-ASLR, the default GUI value of “On by default” does not reflect the underlying registry value (unset). This causes programs without /DYNAMICBASE to get relocated, but without any entropy. The result of this is that such programs will be relocated but to the same address every time across reboots and even across different systems.

For those who don’t know, Microsoft first implemented ASLR (Address Space Layout Randomization) in Windows Vista that helps prevent code-reuse attacks. ASLR uses a random memory address to execute code, but in Windows 8, Windows 8.1 and Windows 10 the feature is not always applied properly. In Windows 8, 8.1 and Windows 10, ASLR is not using random memory addresses, essentially rendering it useless.



The good thing though is, Will shared a manual Registry Edit to fix the issue. For this, you need to do the following.

■ Create a text file with the following:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
“MitigationOptions”=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

■ Save the file with Registry extension (.reg)

■ Open Registry Editor by typing “regedit” in the Start Menu

■ Select File > Import and choose the .reg file you just created.

This should be able to fix the issue until Microsoft sends an update to fix it completely.

source
« Last Edit: November 21, 2017, 01:09:51 AM by javajolt » Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page September 12, 2018, 05:34:46 PM