The success of many cyberattacks, particularly zero-day exploits, relies on the hacker's ability to know or guess the position of processes and functions in memory. To prevent this, enable ASLR (address space layout randomization), a memory-protection technique that randomizes the locations where system executables are loaded into memory. An exploit that targets an incorrect address then crashes the target application instead of succeeding, which prevents the attack.
Severity
Critical
Category
OS Security Hardening
Resolution
Follow the steps below to resolve the misconfiguration.
Download and install EMET. Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> EMET -> "System ASLR" to "Enabled" with "Application Opt-In" selected. The Enhanced Mitigation Experience Toolkit must be installed on the system and the administrative template files added to make this setting available.
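With "Application Opt-In" selected, ASLR applies to images that were linked to opt in, which is recorded as the DYNAMICBASE flag in the PE header. The Python sketch below is an added example, not part of the original page and not code from EMET or Vulnerability Manager Plus; it reads that flag so you can see which binaries the setting will actually cover. The function names and the sample header bytes are constructed for illustration.

```python
import struct

# Flags from the PE/COFF format (winnt.h names).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001                 # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020   # optional header
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040      # set by /DYNAMICBASE


def aslr_status(image: bytes) -> dict:
    """Parse PE headers and report whether the image opts in to ASLR."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    try:
        (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
        if image[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("not a PE image: missing PE signature")
        coff = pe_off + 4
        file_chars = struct.unpack_from("<HHIIIHH", image, coff)[6]
        opt = coff + 20                                        # optional header
        (magic,) = struct.unpack_from("<H", image, opt)
        if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
            raise ValueError(f"unexpected optional header magic {magic:#x}")
        # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
        (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "relocs_stripped": relocs_stripped,
        # An image without relocation data cannot be rebased by the loader.
        "randomized_under_opt_in": dynamic_base and not relocs_stripped,
    }


def make_sample(dll_chars: int, file_chars: int = 0x0002, magic: int = 0x20B) -> bytes:
    """Constructed minimal PE header (headers only, not a loadable binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 72, file_chars)
    opt = struct.pack("<H", magic) + bytes(68) + struct.pack("<H", dll_chars)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for label, sample in (("opted in", make_sample(0x0160)),
                          ("not opted in", make_sample(0x0100))):
        print(label, aslr_status(sample))
```

To check a real binary, pass the first few kilobytes of the file, read in binary mode, to `aslr_status`.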
Potential issues that may arise after applying the resolution
Altering the existing security setting may have the following impact on your network operations. Enabling ASLR system-wide might break some 32-bit applications running on a 64-bit system.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.