Monday, January 1, 2018

ASLR Registry setting with Windows

Windows 8 and later has a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy.

To enable both bottom-up ASLR and mandatory ASLR on a system-wide basis on a Windows 8 or later machine, the following registry value should be imported:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/

http://www.kb.cert.org/vuls/id/817544

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.