Windows ASLR Vulnerability

Microsoft Windows 8, 8.1, and 10 fail to properly apply Address Space Layout Randomization (ASLR), the security process that protects against buffer-overflow attacks by randomizing the memory address where application code is executed. When the user activates the ASLR protection, a bug in the implementation of the feature prevents it from generating enough random data, known as entropy, to start application binaries in random memory locations. These programs are relocated to the same address every time, even after reboots and across different systems. The bug essentially renders the feature nonexistent and leaves users vulnerable to code-reuse attacks that could grant threat actors control of the affected system. The NJCCIC recommends all users and administrators of affected Microsoft Windows operating system versions review the CERT Vulnerability Note and apply the workaround provided to enable ASLR in a system-wide, bottom-up configuration.

AdvisoryNJCCICMicrosoft, Windows