Friday 24 November 2017

US-CERT Windows ASLR Vulnerability (registry fix)

Or, How to fix Windows ASLR vulnerability on multiple domain computers

Vulnerability Notification Summary

Original release date: November 20, 2017
The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

How to fix this vulnerability?

Open a Notepad > Copy and Paste the contents given below:
----------------------------------------------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]

"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
--------------------------------------------------------------------------------------------------------------------------------









Save this notepad file as .reg (In my case, I saved this file with name as ASLAR.reg)

To deploy this registry setting on single computer, just double click on this file and Say Yes if prompted.

You can use the same registry key values in GPO to apply it on multiple domain computers.

GPO registry configurations should appear like below:

























Cheers, let me know if you have any query of feedback on this..

No comments:

Post a Comment