Advice Request Windows 8 and Later Fail to Properly Apply ASLR, Here's How to Fix


LASER_oneXM


Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless.
Address Space Layout Randomization (ASLR) is a computer security technique that randomizes the memory address where application code is executed.
ASLR made its debut in OpenBSD, in 2003, and since that time it's been added to all major operating systems, including Linux, Android, macOS, and Windows.
Microsoft added ASLR in Windows with the release of Vista, in 2006. In order to enable the feature, users had to install Microsoft EMET and use its GUI to enable ASLR in system-wide and/or application-specific states.
With the release of Windows 10, ASLR was added to the Windows Defender Exploit Guard, and users can now enable it via the Windows Defender Security Center (under App & browser control and then Exploit protection settings).


While looking into a recently disclosed 17-year-old vulnerability affecting the Microsoft Office equation editor, CERT/CC vulnerability analyst Will Dormann discovered that ASLR was not randomizing the memory code locations of application binaries in specific conditions.

Workaround available
Dormann says that users must enable ASLR in a system-wide bottom-up configuration in order for ASLR to work properly.

While Microsoft is expected to fix the issue in a future patch, currently, the only way of starting ASLR in the proper configuration is by tinkering with the Windows Registry. US CERT/CC provided the following workaround.

Step 1: Create a blank text file and enter the following text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Step 2: Save the file with a .reg extension, for example, ASLR.reg.

Step 3: Open the Windows Registry Editor by searching for "regedit" in your Start menu.

Step 4: Select the File menu option and choose to import the .reg file you just created above.


Optionally, Bleeping Computer has created an ASLR-fix registry fix file that users only need to download and double-click.
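
An added example, not part of the original post or the CERT/CC note: a Python check that decodes what a .reg file like the one in Step 1 sets, so a hand-made or downloaded file can be inspected before it is imported. The bit positions come from the Windows SDK's PROCESS_CREATION_MITIGATION_POLICY_* constants rather than from this page, and the function names are illustrative.

```python
import re

# Two-bit policy fields in the first 64 bits of MitigationOptions. Shifts are
# the Windows SDK PROCESS_CREATION_MITIGATION_POLICY_* values (not on the page).
FIELDS = {"force_relocate_images": 8, "bottom_up_aslr": 16, "high_entropy_aslr": 20}
STATES = {0: "default", 1: "always on", 2: "always off", 3: "other"}
KERNEL_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel"

# The .reg text from Step 1 of the post, embedded so the check runs offline.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
"""

def mitigation_bytes(reg_text):
    """Return the MitigationOptions bytes set under the kernel key, or None."""
    # regedit wraps long hex values with a trailing backslash; join them first.
    text = reg_text.replace("\\\r\n", "").replace("\\\n", "")
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section and section.lower() == KERNEL_KEY.lower():
            m = re.fullmatch(r'"MitigationOptions"=hex:([0-9a-f,\s]*)', line, re.I)
            if m:
                return bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
    return None

def decode_aslr(raw):
    """Decode the ASLR fields from the first 8 bytes (little-endian)."""
    value = int.from_bytes(raw[:8], "little")
    return {name: STATES[(value >> shift) & 0b11] for name, shift in FIELDS.items()}

def audit(reg_text):
    """Report whether a .reg file sets both fields the workaround turns on."""
    raw = mitigation_bytes(reg_text)
    if raw is None:
        return {"present": False, "matches_workaround": False}
    fields = decode_aslr(raw)
    ok = (fields["force_relocate_images"] == "always on"
          and fields["bottom_up_aslr"] == "always on")
    return {"present": True, "matches_workaround": ok, **fields}

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

A .reg import replaces the whole MitigationOptions value, so running the same decode on an export of the existing key shows which fields the import would reset.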

shmu26

What are the pros and cons of this registry hack?
And how to undo it, if issues arise?