ASLR vulnerability in Windows 8, 10: fix directly

Space Layout Randomization or ASLR: Windows 8, Windows 8.1 and later versions of Windows 10 reportedly do not implement ASLR properly, rendering a very critical Windows security feature useless.

Address Space Layout Randomization or ASLR is one security tool that chooses random memory addresses to execute an application's code.

The ASLR feature was originally released in 2003 in OpenBSD and has since been added to all major operating systems, Linux, Android, MacOS, and Windows.

Microsoft has first added ASLR to Windows with 2006 Vista. To enable the feature, users had to install Microsoft EMET and use their GUI to choose to use ASLR in system-wide or application-specific situations.

With the release of Windows 10, ASLR was added to the Exploit Guard και οι χρήστες μπορούν να το ενεργοποιήσουν μέσω του Κέντρου Ασφαλείας του Windows .

ASLR

A vulnerability that exists here and 17 years (was recently revealed) affecting the Microsoft Office equation editor, demonstrated that ASLR did not randomize memory code addresses in applications under specific conditions.

According to Will Dormann, a CERT / CC vulnerability analyzer, when users activate ASLR protection across the system, there were errors that did not allow the creation of random memory addresses.

"The result is that used in the same every time across all reboots even on different systems,” Dormann said today in a notice that published in CERT.

This practically means that ASLR is not used even though it is enabled, which means that users of the security feature are open to reusing memory addresses of an application containing malicious code.

The researcher says that this issue only affects Microsoft systems from Windows 8 and then because the company changed the registry values ​​through which the ASLR starts.

Of course Microsoft is expected to fix the problem in a future update and for now, the only way to get the ASLR feature to work is a tweak oscillation in the Windows registry.

How can I protect:

Create one text and enter the following text:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ kernel] "MitigationOptions" = hex: 00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Save the .reg file instead of .txt, for example, iguru.reg.

Optionally, you can download the file we made for you, and run it with a double click (after the of from .zip)

Right click save as:

iguru.reg

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).