Security flaw in Windows 8, Windows 10 makes them vulnerable to attacks: US CERT

By Shubham Sharma | Published on 21 Nov 2017
HIGHLIGHTS

Security researchers at the US Computer Emergency Response Team (CERT) have discovered a security flaw in ASLR feature implementation on Windows 8 and above operating systems which makes it easier for attackers to target important data.

Security flaw in Windows 8, Windows 10 makes them vulnerable to attacks: US CERT

Want to modernise your banking loan application?

Build an application that analyses credit risk with #IBMCloud Pak for Data on #RedHat #OpenShift

Click here to know more

Advertisements

A technique called Address Space Layout Randomisation (ASLR) is used in Windows operating systems for preventing code reuse attacks and researchers at CERT have discovered a flaw in its implementation which renders it pointless on devices running Windows 8 and Windows 10. The feature was first introduced in Windows Vista but is also implemented on Windows 8 and above for safeguarding operating systems against memory based or code reuse attacks.

The ASLR feature is a memory-protection process for operating systems. It protects against buffer-overflow attacks by loading system executable programs at random addresses. According to the CERT report, in Windows 8 and above, the ASLR feature is enabled via Enhanced Mitigation Experience Toolkit (EMET) and Windows Defender Exploit Guard (WDEG). The feature is rendered worthless as EMET and WDEG can limit the support for ASLR in specific applications. 

The report further states that even though WDEG implements the ASLR feature, the executable programs are relocated, but to the same address every time across reboots and even across different systems. This allows an attacker to target important data if one uses Microsoft EMET or WDEG on machines running Windows 8 or Windows 10.

The report states, “This change (in system-wide ASLR implementation) requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomise executables that do not opt-in to ASLR.” CERT says that there is no current solution for the vulnerability but recommends a workaround to enable system-wide bottom-up ASLR on systems with system-wide mandatory ASLR.

The CERT report was written by Will Dormann who tweeted, “Starting with Windows 8.0, system-wide mandatory ASLR (enabled via EMET) has zero entropy, essentially making it worthless. Windows Defender Exploit Guard for Windows 10 is in the same boat.”

logo
Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status