An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to Properly apply Aslr, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have enabled system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode. The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-years-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it manually.
Read more of this story at Slashdot.