Windows 8 and later has a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy.
To enable both bottom-up ASLR and mandatory ASLR on a system-wide basis on a Windows 8 or later machine, the following registry value should be imported:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
http://www.kb.cert.org/vuls/id/817544
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.