Jump to content

Recommended Posts

EMET allows enforcement of ASLR for Windows Vista, 7, 8, 8.1 and later.  I see no mention of ASLR (I am not referring to bottom-up ASLR) in anything I have read about regarding MBAE so am puzzled as to whether ASLR is actually enforced on many Windows systems.

 

I deploy EMET 5.2 on all Windows 7 and 8.1 systems that I oversee and ASLR is thus enforced through EMET, when the ASLR option is ticked.  I am therefore not personally inconvenienced if the lack of enforcement of ASLR causes a successful exploit.

Link to post
Share on other sites

  • Staff

Even though ASLR+DEP combined are very strong protections against exploits, most relevant and targeted companies nowadays (Microsoft, Adobe, etc.) already ship their binaries with both ASLR + DEP enabled by default. So if an exploit wants to be successful it needs to bypass both in its first stage. This is why we decided to concentrate first on other protections. This is not to say ASLR is not important, but even ASLR enforcement has its limitations, not all DLLs can be relocated, although it is always better to have it enforced.

Link to post
Share on other sites

Thank you for those insights Pedro.  With EMET 3 on a couple of Windows 7 systems and EMET 5.2 on others, I have ensured a solid column of ASLR opt-ins and no application has yet complained, regardless of whether or not they have had the option included by the producers.

 

I have not felt the need to update EMET 3 to EMET 5.2 on the two systems because there are no vulnerable applications running on them which do not enjoy MBAE's ROP exploit protections.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.