DEP/NX (Data Execution Prevention/ No Execution) marks the memory pages as executable and non-executable. Further, it detects the presence of executable data in non-executable memory page and terminates the execution of malicious code placed by an attacker. DEP is a highly effective security feature that must be enabled in your network computers.
Severity
Critical
Category
OS Security Hardening
Resolution
Follow the below steps to resolve the misconfiguration.
Follow the below steps to resolve the misconfiguration:
Open a command prompt (cmd.exe) or PowerShell with elevated privileges (Run as administrator). Enter "BCDEDIT /set {current} nx AlwaysOn". (If using PowerShell "{current}" must be enclosed in quote). Note: Suspend BitLocker before making changes to the DEP configuration.
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations. Some legacy applications are not compatible with DEP ( Data Execution Prevention) and might crash when DEP is enabled. You can exclude such applications from DEP settings. Also, the potential impact varies depending on the importance of applications and services that are dependent on DEP. Also, enabling or disabling DEP modifies the BCD (Boot Configuration Database). If the hard drive is protected by BitLocker encryption, the user will be asked for the BitLocker recovery key on the next reboot after enabling DEP.
Does remediation require reboot?
Yes
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.
