Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Windows 8 and Later Fail To Properly Apply ASLR

An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to Properly apply Aslr, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have enabled system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode. The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-years-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it manually.

Read more of this story at Slashdot.



This post first appeared on Werbung Austria - Slashdot, please read the originial post: here

Share the post

Windows 8 and Later Fail To Properly Apply ASLR

×

Subscribe to Werbung Austria - Slashdot

Get updates delivered right to your inbox!

Thank you for your subscription

×