Windows 8 and Later Fail to Properly Apply ASLR, Here's How to Fix

Discussion in 'PC Hardware, Software and Displays' started by Babel-17, Nov 17, 2017.

  1. Babel-17

    Veteran Regular

    Joined:
    Apr 24, 2002
    Messages:
    1,004
    Likes Received:
    245
    Edit: I'm not sure what's up with the fix. I applied it through the .reg file and all was well for a day until I went to use Steam and play some games. Chaos ensued, Steam is acting like it was the first install and installing DirectX and all the rest. Call of Juarez: Gunslinger wouldn't launch, and DOOM launched but in FUBAR mode. Though I was able to discern what buttons to click on to set it right. I undid the registry change, rebooted, and now COJ: Gunslinger launched. A previous reinstall and reboot did nothing. The plot thickens as when I went into Windows Defender Settings Menu and I set both settings to enabled, and the problem returned after the reboot. Bottom up has a default of on. I went with that, rebooted, and now COJ: Gunslinger is working again. Bizarre, and I throw my hands up in surrender. I say avoid all of this, but keep it in mind.


    I saw this posted at slashdot, read the higher ranked comments, looked at the article, and thought I'd check. Son of a gun, I didn't have it set the way they advise. I didn't even know those setting were there.

    https://it.slashdot.org/story/17/11/17/207239/windows-8-and-later-fail-to-properly-apply-aslr

    https://www.bleepingcomputer.com/ne...fail-to-properly-apply-aslr-heres-how-to-fix/

    You have to click on that highlighted blue icon, and then click on Exploit protection settings in order to see the above options. Much ado about nothing, or what?

    Edit: The fix might also involve editing the registry, so let’s put a pin in this. I can’t say to just go for it when it comes to regedit.
     
    #1 Babel-17, Nov 17, 2017
    Last edited: Nov 19, 2017
    Cyan, BRiT and Grall like this.
  2. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,172
    Location:
    La-la land
    Interesting that the feature is there as a toggleable option, but it is disabled by default and quite cleverly hidden away too. Any specific downsides, like incompatibilities or such?

    Seems counterproductive, in this day and age of app/OS exploits and all.

    Turned it on, we'll see what happens (if anything :p) after I restart this thing, whenever I get around to... Thanks for making this post!
     
    Cyan likes this.
  3. Babel-17

    Veteran Regular

    Joined:
    Apr 24, 2002
    Messages:
    1,004
    Likes Received:
    245
    What's really weird is that apparently turning it on isn't enough. You need to edit the registry to make it system wide and bottom-up.

    https://www.kb.cert.org/vuls/id/817544

     
  4. Babel-17

    Veteran Regular

    Joined:
    Apr 24, 2002
    Messages:
    1,004
    Likes Received:
    245
    I just edited the OP. I put it up top.
     
  5. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,172
    Location:
    La-la land
    Well, in my Win10 version (should be autumn creator's patch), I have separate combo boxes for both mandatory rando and bottom-up. Either these do not work at all and just pretend to do what they say they do (?), or editing the registry is actually not necessary? :D

    They're well hidden though. I'd love to hear MS's rationalization for making the more secure options so hard to find AND defaulting off. Hopefully, just hopefully, the genuine, never-to-be-uttered-publically explanation does not involve making the NSA's work easier when penetrating peoples' PCs with malware... :p
     
  6. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    12,868
    Likes Received:
    9,264
    Location:
    Cleveland
    I must be something wrong as i dont have that section at all in my Win10 Pro system. I dont know if its Falls Creator or not.
     
  7. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,172
    Location:
    La-la land
    Open New Control Panel (the shitty, confusing, bad one), and go to Updates and Security section (guessing button labels; running swedish windows here....). Next click Windows Defender in the left frame, then "Open Windows Defender Security Center" button in right frame. Click App and Web Browser button; 2nd rightmost one. (No idea why this option is sorted in under this heading...) Scroll to the bottom of this new page; click the blue text link which says "Settings for vulnerability protection" or somesuch.

    Here you should find these options.

    Really loving microsoft for how easily found and accessible these toggles are... ;)
     
  8. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    12,868
    Likes Received:
    9,264
    Location:
    Cleveland
    I'm trying... :lol:

    This is so easy... :runaway:

    upload_2017-11-19_12-30-0.png

    upload_2017-11-19_12-30-11.png

    upload_2017-11-19_12-33-6.png
     
  9. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    12,868
    Likes Received:
    9,264
    Location:
    Cleveland
    I'm not sure if it's because I have NOD32 AV installed or not. *shrug*
     
  10. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,172
    Location:
    La-la land
    @BRiT

    You can't scroll further down past "Smartscreen for windows store apps" on the "Apps & browser control" page? That's where you should find the link to memory randomization settings. If you have nothing there then something seems borked...

    Windows defender shouldn't be involved with these settings, as they're involved with core functionality of windows OS itself, but trust MS to fuck with people because why not (and for using 3rd party antivirus just because it isn't MS's offering.)
     
  11. digitalwanderer

    digitalwanderer Dangerously Mirthful
    Legend

    Joined:
    Feb 19, 2002
    Messages:
    17,334
    Likes Received:
    1,827
    Location:
    Winfield, IN USA
    Could someone explain what this is and why I'd want it before I jump through all these hoops, in little words please that a very stupid person could understand. ;)
     
  12. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    12,868
    Likes Received:
    9,264
    Location:
    Cleveland
    @Grall there's nothing more on those screens. I even maximized it full-screen to 1920x1200. It's definitely borked on my side. I might need to do a fresh install at some point.
     
  13. zed

    zed
    Veteran

    Joined:
    Dec 16, 2005
    Messages:
    4,466
    Likes Received:
    641
    I see the same as BriT, or should that be NOT see
     
  14. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,172
    Location:
    La-la land
    @BRiT @zed

    Are you both using 3rd party antivirus? I only use windows defender, because I'm too cheap to pay for anything and I don't trust free 3rd party antivirus. :p
     
    digitalwanderer and BRiT like this.
  15. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    12,868
    Likes Received:
    9,264
    Location:
    Cleveland
    I have Nod32 AV installed. I wouldn't think having an AV installed means ASLR wouldn't be usable, unless that disables Defender advanced settings. I want both.
     
  16. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,172
    Location:
    La-la land
    Apparently installing 3rd party AV disables ransomware protection which was added in the latest Win10 major patch, so maybe pretty much everything under the Win Defender banner gets disabled if you have 3rd party AV...
     
  17. zed

    zed
    Veteran

    Joined:
    Dec 16, 2005
    Messages:
    4,466
    Likes Received:
    641
    I've only got windows defender
     
  18. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    12,868
    Likes Received:
    9,264
    Location:
    Cleveland
    I figured it out. It showed up after I updated to Windows Fall Update, build 1709 or later. I dont know why build 1703 wouldnt have had it.
     
    Kej and Grall like this.
  19. tongue_of_colicab

    Veteran

    Joined:
    Oct 7, 2004
    Messages:
    3,469
    Likes Received:
    671
    Location:
    Japan
    My server is still on 1703 and that has the options from the screenshots earlier in this thread. I'm only using defender.
     
  20. BRiT

    BRiT (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    12,868
    Likes Received:
    9,264
    Location:
    Cleveland
    Well shit. There goes my previous theory. Maybe my setup was just hosed and an upgrade to Windows Fall Creators Update fixed it. I still have NOD32 installed and I now have the options available. :???:
     
Loading...

Share This Page

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.
Loading...