Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard.
ASLR is working as intended and the configuration issue described by CERT/CC only affects applications where the EXE does not already opt-in to ASLR. The configuration issue is not a vulnerability, does not create additional risk, and does not weaken the existing security posture of applications.
US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.
Microsoft Security Research & Defense Clarifying the behavior of mandatory
(Visited 15 times, 1 visits today)