A technique called Address Space Layout Randomisation (ASLR) is used in Windows operating systems for preventing code reuse attacks and researchers at CERT have discovered a flaw in its implementation which renders it pointless on devices running Windows 8 and Windows 10. The feature was first introduced in Windows Vista but is also implemented on Windows 8 and above for safeguarding operating systems against memory based or code reuse attacks.
The ASLR feature is a memory-protection process for operating systems. It protects against buffer-overflow attacks by loading system executable programs at random addresses. According to the CERT report, in Windows 8 and above, the ASLR feature is enabled via Enhanced Mitigation Experience Toolkit (EMET) and Windows Defender Exploit Guard (WDEG). The feature is rendered worthless as EMET and WDEG can limit the support for ASLR in specific applications.
The report further states that even though WDEG implements the ASLR feature, the executable programs are relocated, but to the same address every time across reboots and even across different systems. This allows an attacker to target important data if one uses Microsoft EMET or WDEG on machines running Windows 8 or Windows 10.
The report states, “This change (in system-wide ASLR implementation) requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomise executables that do not opt-in to ASLR.” CERT says that there is no current solution for the vulnerability but recommends a workaround to enable system-wide bottom-up ASLR on systems with system-wide mandatory ASLR.
The CERT report was written by Will Dormann who tweeted, “Starting with Windows 8.0, system-wide mandatory ASLR (enabled via EMET) has zero entropy, essentially making it worthless. Windows Defender Exploit Guard for Windows 10 is in the same boat.”
Starting with Windows 8.0, system-wide mandatory ASLR (enabled via EMET) has zero entropy, essentially making it worthless. Windows Defender Exploit Guard for Windows 10 is in the same boat. More details to come...https://t.co/xMR5qIKVGH — Will Dormann (@wdormann) November 16, 2017
Other Popular Deals
- 10 websites and applications you must know about8 music streaming services worth trying out
- 6 ways to start learning Microsoft AzureHow to improve your Firefox browsing experience
- The 12 most hilarious YouTube channels10 Microsoft Big Data Success Stories
- Next year, these attacks will threaten your cybersecurityWhy you won't need cable or DTH in 2017
- Weird but interesting websites you ought to bookmark right...Daily deals roundup: Discounts on headphones, PC...
- Flipkart New Pinch Days sale: Offers on Google Pixel 2,...10 YouTube sci-tech channels every geek should follow
- 10 reasons to trust Azure with your data15 apps and websites to accomplish everyday tasks
- 15 must have chrome extensionsOn International Internet Day, know your internet