ASLR vulnerability in Windows 8, 10: fix directly

Address Space Layout Randomization or ASLR: The 8, Windows 8.1 and later versions of Windows 10 reportedly do not implement ASLR properly, rendering a very critical Windows security feature useless.

Address Space Layout Randomization or ASLR is a security technique that chooses random memory addresses to execute of an application.

The ASLR feature was originally released in 2003 in OpenBSD and has since been added to all major operating systems, Linux, Android, MacOS, and Windows.

Microsoft first added ASLR to Windows with the release of Vista in 2006. To enable the feature, they had to install Microsoft EMET and use its GUI to choose to use ASLR in whole system or application situations.

With the release of Windows 10, ASLR was added to the Exploit Guard and users can enable it through the Windows Defender Security Center.

ASLR

A vulnerability that exists here and 17 years (was recently revealed) that affects the Microsoft Office equation editor, demonstrated that ASLR did not randomize memory code addresses into application files under certain conditions.

According to Will Dormann, a CERT / CC vulnerability analyzer, when users activate ASLR protection across the system, there were errors that did not allow the creation of random memory addresses.

"The result is that programs were used in the same every time across all reboots even on different systems,” Dormann said today in a notice that published in CERT.

This practically means that ASLR is not in use even though it is enabled, which means that users of the security feature are open to attacks for reusing memory addresses of an application that contains code.

The researcher says that this issue only affects Microsoft systems from Windows 8 and then because the company changed the registry values ​​through which the ASLR starts.

Of course, Microsoft is expected to fix the problem in a future update, and for now, the only way tos of the ASLR feature to work is an oscillation tweak in the Windows registry.

How can I protect:

Create a text file and type the following text:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ kernel] "MitigationOptions" = hex: 00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Save the .reg file instead of .txt, for example, iguru.reg.

Optionally, you can download the file we made for you, and run it with a double click (after exporting it from .zip)

Right click save as:

iguru.reg

iGuRu.gr The Best Technology Site in Greecefgns

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).