LMNTRIX LABS ADVISORY: Windows ASLR workarounds

This past week, the Microsoft ASLR vulnerability (or feature, depending on whom you ask…) has been a hot topic.

Without going too far into the weeds given the high amount of attention this has already received, LMNTRIX researchers have developed two workarounds for those concerned about the potential vulnerability (or feature…) being exploited:

Method One

The first method involves creating a text file with the contents below. Save the file with a .reg extension, then import it into the existing registry on Windows 8 through 10:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Method Two

The second method is straightforward, provided you have the latest Windows 10 Fall Creators Update. As shown in the image below, flip the ‘Randomize memory allocations (bottom-up ASLR)’ setting to Off and back to On. This creates the registry entry.

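Either method should leave the MitigationOptions value above in place. The following PowerShell script is an added example, not part of the LMNTRIX advisory: it reads that value, decodes the ASLR-related fields, and can write the advisory's bytes. It assumes the 16-byte REG_BINARY value follows the PROCESS_CREATION_MITIGATION_POLICY_* bit layout from winbase.h (2-bit fields per policy, low byte first), and the function names are my own.

```powershell
# Added example (not the advisory's own code): verify or apply the system-wide ASLR workaround.
# Assumed layout of the 16-byte MitigationOptions value (PROCESS_CREATION_MITIGATION_POLICY_* in winbase.h):
#   bits 8-9   (byte 1, low 2 bits)  = force relocate images, i.e. mandatory ASLR
#   bits 16-17 (byte 2, low 2 bits)  = bottom-up ASLR
#   bits 20-21 (byte 2, bits 4-5)    = high-entropy ASLR
# Each 2-bit field: 00 = system default, 01 = always on, 10 = always off.
$KernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$ValueName = 'MitigationOptions'
# Exactly the bytes from the advisory's .reg file: mandatory ASLR on, bottom-up ASLR on.
$AdvisoryValue = [byte[]](0x00, 0x01, 0x01, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)

function ConvertFrom-MitigationField {
    param([int]$Field)
    switch ($Field) { 0 { 'default' } 1 { 'always on' } 2 { 'always off' } default { 'invalid' } }
}

function Get-SystemAslrPolicy {
    # Returns the decoded ASLR fields, or $null when the value has never been written.
    $item = Get-ItemProperty -Path $KernelKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    [byte[]]$b = $item.$ValueName
    [pscustomobject]@{
        MandatoryAslr   = ConvertFrom-MitigationField ($b[1] -band 0x3)
        BottomUpAslr    = ConvertFrom-MitigationField ($b[2] -band 0x3)
        HighEntropyAslr = ConvertFrom-MitigationField (($b[2] -shr 4) -band 0x3)
        RawHex          = ($b | ForEach-Object { $_.ToString('x2') }) -join ','
    }
}

function Set-SystemAslrWorkaround {
    # Writes the advisory's value. Needs an elevated prompt; the kernel reads it at boot, so reboot afterwards.
    New-ItemProperty -Path $KernelKey -Name $ValueName -PropertyType Binary -Value $AdvisoryValue -Force | Out-Null
}

$state = Get-SystemAslrPolicy
if ($null -eq $state) {
    Write-Output "$ValueName is not set: mandatory and bottom-up ASLR are not forced system-wide."
} elseif ($state.MandatoryAslr -eq 'always on' -and $state.BottomUpAslr -eq 'always on') {
    Write-Output "Workaround present: $($state.RawHex)"
} else {
    # Bottom-up ASLR forced on without mandatory ASLR does not relocate images that were not built
    # with /DYNAMICBASE, which is why the advisory's value sets both fields.
    Write-Output "Value present but incomplete: mandatory=$($state.MandatoryAslr), bottom-up=$($state.BottomUpAslr)"
}
```

Call Set-SystemAslrWorkaround from an elevated prompt to apply the same bytes as the .reg file, then re-run Get-SystemAslrPolicy after a reboot to confirm.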
Conclusion

ASLR mitigates attacks that rely on code being found at predictable locations in system memory.

Because many important applications load at these memory locations, proper randomisation makes the attacker’s job much harder. With organisations moving to the latest versions of Windows, these workarounds ensure the ASLR feature is applied system-wide.

On 2017-11-24
