Recently, it has been reported that Windows 8, 8.1 and 10 fail to properly implement ASLR. Address Space Layout Randomization (ASLR) is a security technique used to prevent the exploitation of memory corruption vulnerabilities. It does this by randomizing the memory address where application code is run.
In Windows 10, ASLR can be enabled in the Windows Defender Security Center (pictured below).
While researching the (Microsoft Equation Editor) vulnerability, analyst Will Dormann found that ASLR was not randomizing the memory address locations of application binaries in certain situations. Instead, Dormann discovered that programs were relocated, but to the same address every time. It basically means that ASLR is not enabled, leaving users vulnerable.
Dorman stated that in order for ASLR to function correctly, users need to enable ASLR in a bottom-up configuration as opposed to the proper configuration.
While Microsoft is working on a patch for the issue, users can follow these steps to correctly implement ASLR:
- Create a blank text file and copy the following text:
2. Save the file with a .reg extension.
3. Open the Windows Registry Editor by searching for “regedit” from the Start Menu.
4. Click File and import the .reg file previously created.
Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies would you need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: firstname.lastname@example.org