Address Space Layout Randomization (ASLR), a Windows security feature, has an implementation issue on Windows 8 and Windows 10 devices that allows attackers to target your important data if you use Microsoft EMET on Windows 8 or Windows 10 machines.
The new Windows Defender Exploit Guard in the Windows 10 Fall Creators Update is also unable to protect the system. ASLR is used in Windows and even Android to prevent code execution attacks; Microsoft implemented this technology in Windows Vista to counter memory-based attacks.
Security researcher Will Dormann of CERT/CC discovered the ASLR implementation flaw on Windows 8 and above, including the Fall Creators Update, the most secure version of Windows. While applications can use ASLR directly, if Microsoft EMET is enabled, it can limit the support for ASLR in specific applications.
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) became part of Windows Defender Exploit Guard (WDEG) with the Windows 10 Fall Creators Update. Even if ASLR is enabled in Windows 8 and Windows 10, it never works.
“Starting with Windows 8.0, system-wide mandatory ASLR (enabled via EMET) has zero entropy, essentially making it worthless. Windows Defender Exploit Guard for Windows 10 is in the same boat,” Dormann wrote on Twitter.
“Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier,” wrote Dormann.
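
The images the statement above concerns are the ones built without the DYNAMICBASE opt-in bit, and a defender can inventory them by reading the PE header. The following is an added example, not part of the original article or of any Microsoft or CERT/CC tool; the function names and the sample header bytes are constructed for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (/DYNAMICBASE)
HIGH_ENTROPY_VA = 0x0020   # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)

def aslr_flags(data: bytes) -> dict:
    """Read the ASLR-related header bits of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    opt = pe_off + 24   # 4-byte signature + 20-byte COFF header
    if opt + 72 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (coff_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    # DllCharacteristics is at offset 70 of the optional header in both formats.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "relocs_stripped": bool(coff_chars & RELOCS_STRIPPED),
    }

def depends_on_mandatory_aslr(data: bytes) -> bool:
    """True when the image did not opt in and is only moved if ASLR is forced."""
    return not aslr_flags(data)["dynamic_base"]

def constructed_header(dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed sample: smallest header stub the parser accepts, not a real binary."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    for name, chars in (("legacy.exe", 0x0000), ("modern.exe", 0x0160)):
        verdict = depends_on_mandatory_aslr(constructed_header(chars))
        print(f"{name}: depends on mandatory ASLR = {verdict}")
```

To audit real binaries, pass the bytes of each file (for example `open(path, "rb").read()`) to `aslr_flags` and list those where `dynamic_base` is false.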