A security feature in Windows 10 that has been touted by Microsoft as one of the reasons to upgrade to the operating system, is largely worthless according to research.
The Address Space Layout Randomisation (ASLR) feature makes up part of the security suite in Windows 10 which Microsoft has been promoting as more secure than its previous versions of Windows.
ASLR loads programs at random addresses in memory to defend against cyber security attacks that rely on executing code at programs loaded at predictable memory locations.
The feature has been available from Windows Vista, but whereas it worked with applications that adopted ASLR, with Windows 8 Microsoft introduced Force ASLR which essentially enables ASLR on all applications.
Force ASLR can be switched on through Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), which since the Windows 10 Fall Creators Update, is now part of the Windows Defender Exploit Guard.
So far so good, but a security researcher Will Dormann, who works at Carnegie Mellon University computer emergency response team, tweeted an error in the implementation for Force ASLR which rendered it “worthless”.
Starting with Windows 8.0, system-wide mandatory ASLR (enabled via EMET) has zero entropy, essentially making it worthless. Windows Defender Exploit Guard for Windows 10 is in the same boat. More details to come…https://t.co/xMR5qIKVGH
— Will Dormann (@wdormann) November 16, 2017
He noted that Force ASLR ends up recollecting program memory addresses but after that it uses the same address each time they are executed, essentially losing the randomisation nature of ASLR.
“Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier,” explained Dormann.
He pointed out then Windows 7 does a better job at ASLR than later versions of Windows, which would suggest that Windows 10 isn’t as robust as Microsoft has been championing it as.
Microsoft has yet to comment on the issue, but there’s a chance it will attempt to find a way to get Force ASLR working as it should through a security update.
Related: Best Black Friday deals
Have you encountered any security gremlins in Windows 10? If so, let us know on Twitter or Facebook.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
