Windows ASLR Vulnerability

Greetings

I searched the Forum on this and did not find anything, so forgive me if I'm double dipping. On November 20th the US-CERT issued an advisory regarding a new vulnerability in Windows 8.x and Win 10. This vulnerability is in the manner that Windows Address Space Layout Randomization (ASLR) is implemented. A remote attacker could exploit this vulnerability to take control of an affected system. CERT Vulnerability Note #817544 describes a reg hack to turn Bottom Up ASLR on. I see that Malwarebytes includes an option to turn that "Bottom Up" functionality on, in theory protecting against this vulnerability.

My question is: what are the potential drawbacks / impacts of enabling this enforcement? Should it be employed?

TIA for insights

http://www.kb.cert.org/vuls/id/817544

MisterWeather

Hi,

As additional info: there is an official blog post on TechNet that explains the situation. Read it here: Clarifying the behavior of mandatory ASLR.

The post says: "... The configuration issue is not a vulnerability, does not create additional risk, and does not weaken the existing security posture of applications..."

Plus, I read user comments on various blogs complaining that, after applying the proposed (optional) registry fix, some installed software didn't launch or work properly ... (gHacks, winaero)

  • Staff

Hi @MisterWeather

There are some articles on the Internet that are a bit misleading, because this vuln only affects you when the System-wide Mandatory ASLR configuration is enabled. You might not be affected by it because it is not enabled by default. Although MBAE bottom-up ASLR might help, it will depend on whether the operating system takes advantage of MBAE's protection. Of course, Bottom-up ASLR is another security layer that you might turn on to protect your shielded application, but keep in mind that not all applications are compatible with it.

Best regards
 
David Sánchez
Malwarebytes Anti-Exploit Security Team
Senior Security Researcher & Developer
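
A way to check whether a machine is in the configuration this thread discusses (system-wide mandatory ASLR enabled without bottom-up ASLR explicitly enabled). This is an added example, not code from any poster or from Malwarebytes. It assumes the `Get-ProcessMitigation` cmdlet that ships with Windows 10 1709 and later; `Test-AslrPolicy` is a hypothetical helper name and the sample values are constructed.

```powershell
# Added example: classify the system-wide ASLR policy discussed in this thread.
# Inputs are the ON / OFF / NOTSET strings that Get-ProcessMitigation reports.
function Test-AslrPolicy {
    param(
        [Parameter(Mandatory)][string]$ForceRelocateImages,  # mandatory ASLR
        [Parameter(Mandatory)][string]$BottomUp              # bottom-up ASLR
    )
    if ($ForceRelocateImages -ne 'ON') {
        # Mandatory ASLR is not forced system-wide, so the reported issue does not apply.
        return 'Not affected: system-wide mandatory ASLR is not enabled.'
    }
    if ($BottomUp -eq 'ON') {
        return 'OK: mandatory ASLR is on and bottom-up ASLR is explicitly on.'
    }
    # Assumption: NOTSET is handled like OFF, because the reported issue is that
    # bottom-up ASLR is not applied unless it has been explicitly enabled.
    return "Review: mandatory ASLR is on but bottom-up ASLR is '$BottomUp'."
}

# Constructed sample policies (not taken from a real machine).
$samples = @(
    @{ ForceRelocateImages = 'NOTSET'; BottomUp = 'NOTSET' },
    @{ ForceRelocateImages = 'ON';     BottomUp = 'NOTSET' },
    @{ ForceRelocateImages = 'ON';     BottomUp = 'OFF'    },
    @{ ForceRelocateImages = 'ON';     BottomUp = 'ON'     }
)
foreach ($s in $samples) {
    '{0,-7} {1,-7} -> {2}' -f $s.ForceRelocateImages, $s.BottomUp, (Test-AslrPolicy @s)
}

# Evaluate the local machine when the cmdlet is present.
if (Get-Command Get-ProcessMitigation -ErrorAction SilentlyContinue) {
    $aslr = (Get-ProcessMitigation -System).Aslr
    Test-AslrPolicy -ForceRelocateImages "$($aslr.ForceRelocateImages)" `
                    -BottomUp "$($aslr.BottomUp)"
} else {
    'Get-ProcessMitigation is not available here; only the samples were evaluated.'
}
```

Because enabling these settings system-wide can stop some software from launching, as reported above, test a policy change on a non-critical machine before deploying it widely.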
throkr & dsanchez

Thanks for the clarifications. I usually do not get that concerned regarding the CERT messages, but there was something in this particular notice that grabbed my attention. Perhaps I'm hypersensitive following the OPM, Equifax etc. Both of those impacted my PII so I've gotten really strict about PC / LAN security. I guess we can consider this thread closed!

MisterWeather
