  • Misconfig Name
  • Address Space Layout Randomization is not enabled
  • Description
  • The success of many cyberattacks, particularly zero-day exploits, relies on the attacker's ability to know or guess the position of processes and functions in memory. To prevent this, enable ASLR (address space layout randomization), a memory-protection process that randomizes the location where system executables are loaded into memory. An attacker who attempts to exploit an incorrect address space location would cause the target application to crash, thus preventing the attack.
  • Severity
  • Critical
  • Category
  • OS Security Hardening
  • Resolution
  • Follow the steps below to resolve the misconfiguration. Download and install EMET. Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> EMET -> "System ASLR" to "Enabled" with "Application Opt-In" selected. The Enhanced Mitigation Experience Toolkit must be installed on the system and the administrative template files added to make this setting available.
  • Issues after applying the resolution
  • Altering the existing security setting may have the following impact on your network operations. Enabling ASLR system-wide might break some 32-bit applications running on a 64-bit system.
  • Reboot Required
  • No