Address Space Layout Randomization or ASLR: The windows 8, Windows 8.1 and later versions of Windows 10 reportedly do not implement ASLR properly, rendering a very critical Windows security feature useless.
Address Space Layout Randomization or ASLR is a security technique that chooses random memory addresses to execute codeof an application.
The ASLR feature was originally released in 2003 in OpenBSD and has since been added to all major operating systems, Linux, Android, MacOS, and Windows.
Microsoft first added ASLR to Windows with the release of Vista in 2006. To enable the feature, users they had to install Microsoft EMET and use its GUI to choose to use ASLR in whole system or application situations.
With the release of Windows 10, ASLR was added to the Windows Defender Exploit Guard and users can enable it through the Windows Defender Security Center.
A vulnerability that exists here and 17 years (was recently revealed) that affects the Microsoft Office equation editor, demonstrated that ASLR did not randomize memory code addresses into application files under certain conditions.
According to Will Dormann, a CERT / CC vulnerability analyzer, when users activate ASLR protection across the system, there were errors that did not allow the creation of random memory addresses.
This practically means that ASLR is not in use even though it is enabled, which means that users of the security feature are open to attacks for reusing memory addresses of an application that contains malicious code.
The researcher says that this issue only affects Microsoft systems from Windows 8 and then because the company changed the registry values through which the ASLR starts.
Of course, Microsoft is expected to fix the problem in a future update, and for now, the only way tomovements of the ASLR feature to work is an oscillation tweak in the Windows registry.
How can I protect:
Create a text file and type the following text:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ kernel] "MitigationOptions" = hex: 00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
Save the .reg file instead of .txt, for example, iguru.reg.
Optionally, you can download the file we made for you, and run it with a double click (after exporting it from .zip)
Right click save as: