ASLR, or address space layout randomisation, is a feature designed to make it more difficult for threat actors to exploit known vulnerabilities such as buffer overflows. It does this by randomising where in memory important data is stored, so that an attacker cannot rely on a specific location. However, a bug has been identified that prevents ASLR from working correctly in later versions of Windows.
The US Computer Emergency Response Team (CERT) says that the bug, which applies to Windows 8 and Windows 10, prevents ASLR from randomising every application when it is enabled system-wide through the Enhanced Mitigation Experience Toolkit (EMET) or Windows Defender Exploit Guard. This is due to a change in how system-wide ASLR is implemented in these versions:
‘This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy,’ CERT writes. ‘Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomise executables that do not opt in to ASLR.’
Microsoft released EMET to help protect apps that don't opt in to ASLR and other exploit-mitigation techniques; it can be applied either to specific apps or system-wide. It was replaced by Windows Defender Exploit Guard in the Windows 10 Fall Creators Update.
Security researcher Will Dormann writes: ‘Both EMET and Windows Defender Exploit Guard enable system-wide ASLR without also enabling system-wide bottom-up ASLR. Although Windows Defender Exploit Guard does have a system-wide option for system-wide bottom-up ASLR, the default GUI value of “On by default” does not reflect the underlying registry value (unset). This causes programs without /DYNAMICBASE to get relocated, but without any entropy. The result of this is that such programs will be relocated, but to the same address every time across reboots and even across different systems.’
CERT currently doesn't have a fix for the problem, but recommends enabling system-wide bottom-up ASLR on systems with system-wide mandatory ASLR.
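The following PowerShell script is an added example, not code from CERT or Microsoft, showing how a defender can check for the weak state described above (mandatory ASLR on, bottom-up ASLR not set) and apply CERT's recommendation. It assumes a Windows 10 build with the Exploit Guard ProcessMitigations module (Get-ProcessMitigation / Set-ProcessMitigation with the -System switch) and an elevated session; the mitigation names ForceRelocateImages and BottomUp are the module's names for mandatory and bottom-up ASLR.

```powershell
# Added example (assumes the Windows 10 ProcessMitigations module is present
# and the shell is running elevated). Reports whether system-wide mandatory
# ASLR is enabled without system-wide bottom-up ASLR, and optionally fixes it.
param(
    [switch]$Remediate   # pass -Remediate to enable bottom-up ASLR
)

# Read the effective system-wide mitigation settings. Values here are
# ON / OFF / NOTSET; the GUI's "On by default" corresponds to NOTSET,
# which is exactly the state the advisory says provides no entropy.
$sys = Get-ProcessMitigation -System
$mandatory = "$($sys.Aslr.ForceRelocateImages)"
$bottomUp  = "$($sys.Aslr.BottomUp)"

Write-Host "Mandatory ASLR (ForceRelocateImages): $mandatory"
Write-Host "Bottom-up ASLR (BottomUp):            $bottomUp"

if ($mandatory -eq 'ON' -and $bottomUp -ne 'ON') {
    Write-Warning ("Mandatory ASLR is forced system-wide but bottom-up ASLR " +
                   "is '$bottomUp': non-/DYNAMICBASE images will be relocated " +
                   "to the same address every time (no entropy).")
    if ($Remediate) {
        # CERT's recommendation: enable system-wide bottom-up ASLR alongside
        # system-wide mandatory ASLR. A reboot is required for the change to
        # take effect for already-running processes.
        Set-ProcessMitigation -System -Enable BottomUp
        Write-Host "Enabled system-wide bottom-up ASLR; reboot to apply."
    } else {
        Write-Host "Re-run with -Remediate to enable system-wide bottom-up ASLR."
    }
} elseif ($mandatory -ne 'ON') {
    Write-Host "Mandatory ASLR is not forced system-wide; this bug does not apply."
} else {
    Write-Host "Both mandatory and bottom-up ASLR are enabled system-wide: OK."
}
```

Running the script without -Remediate only reports the state, so it can be used as a read-only audit check across a fleet before any setting is changed.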