Windows ASLR Vulnerability and Solution

By | November 23, 2017

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard.
ASLR is working as intended and the configuration issue described by CERT/CC only affects applications where the EXE does not already opt-in to ASLR. The configuration issue is not a vulnerability, does not create additional risk, and does not weaken the existing security posture of applications.

US-CERT encourages users and administrators to review
CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

Microsoft Security Research & Defense Clarifying the behavior of mandatory

(Visited 23 times, 1 visits today)