ASLR bypass flaws have been in the news lately; I read about one in Internet Explorer that Microsoft will not patch.
What are the best ways to improve Web browser security and prevent falling victim to ASLR bypass vulnerabilities?
Microsoft has made significant advances in securing Windows in the last 10-plus years, and one of the significant improvements was adding address space layout randomization. ASLR "is a memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory." It is one of the key operating system protections for software with vulnerabilities, but does not mitigate all potential vulnerabilities.
In 2014, Microsoft introduced ASLR features called Isolated Heap and MemoryProtection, but they did not address all potential ways memory can be exploited as part of an attack. These two new memory protections required Microsoft to test the impact of the new ASLR features on legitimate software and on the operating system to help determine if the new ASLR features broke legitimate software or introduced new software defects into the operating system. Given the complexity of ASLR and other memory protections, it is difficult and resource-intensive to implement new protections. The complexity of ASLR also requires Microsoft to do a cost-benefit analysis and understand the overall additional protection for its customer base.
Not all security vulnerabilities are high enough risk to merit the potential significant resources needed to fix them. This is a very delicate balance, and in the past Microsoft has decided to introduce major security changes for comprehensive service packs or the next version of Windows.
Since 32-bit Internet Explorer is not being patched for the disclosed vulnerability, potential additional protections against an ASLR bypass vulnerability include deploying Microsoft's Enhanced Mitigation Experience Toolkit and running Internet Explorer in a sandbox or secure VM. These protections could also defend against other future vulnerabilities similar to the ASLR bypass flaw. HP TippingPoint also has protections in place for its customers.
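Windows randomizes only modules that opt in through the DYNAMICBASE flag in their PE header, so a useful check alongside the protections above is to audit which binaries a browser loads without it, and whether they are 32-bit. The following is an added example, not part of the original answer; the function names and the header-only sample images are constructed for illustration.

```python
import struct
import sys

# DllCharacteristics bits defined in the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100         # image is DEP-compatible
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def aslr_report(image: bytes) -> dict:
    """Parse PE headers and report the ASLR-related opt-in flags."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if len(image) < pe_off + 24 + 72 or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("truncated image or bad PE signature")
    (machine,) = struct.unpack_from("<H", image, pe_off + 4)
    opt = pe_off + 24                                      # optional header start
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (flags,) = struct.unpack_from("<H", image, opt + 70)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "aslr": bool(flags & DYNAMIC_BASE),
        "high_entropy": bool(flags & HIGH_ENTROPY_VA),
        "dep": bool(flags & NX_COMPAT),
    }

def make_sample(machine: int, magic: int, flags: int) -> bytes:
    """Constructed header-only PE stub used as sample input (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xE0, 0x2102)
    optional = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", flags)
    return dos + b"PE\0\0" + coff + optional

if __name__ == "__main__":
    if len(sys.argv) > 1:                                  # audit files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, aslr_report(fh.read(4096)))
    else:                                                  # fall back to the constructed samples
        print("legacy 32-bit plugin:", aslr_report(make_sample(0x014C, 0x10B, NX_COMPAT)))
        print("modern 64-bit module:", aslr_report(make_sample(0x8664, 0x20B, 0x0160)))
```

A module reported with `aslr: False` loads at a predictable address unless a tool forces relocation, which is the gap EMET's Mandatory ASLR setting is meant to close.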