How can enterprises prevent ASLR bypass flaws?

Microsoft won't patch certain ASLR bypass flaws, but enterprises still need to protect against them. Expert Nick Lewis explains the threat and how to avoid it.

ASLR bypass flaws have been in the news lately; I read about one in Internet Explorer that Microsoft will not patch. What are the best ways to improve Web browser security and prevent falling victim to ASLR bypass vulnerabilities?

Microsoft has made significant advances in securing Windows in the last 10-plus years, and one of the most important improvements was the addition of address space layout randomization (ASLR). ASLR "is a memory-protection process for operating systems that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory." It is one of the key operating system protections for software with vulnerabilities, but it does not mitigate all potential vulnerabilities.

In 2014, Microsoft introduced ASLR features called Isolated Heap and MemoryProtection, but they did not address all potential ways memory can be exploited as part of an attack. Microsoft had to test the impact of these two new memory protections on legitimate software and on the operating system to determine whether they broke legitimate software or introduced new software defects into the operating system. Given the complexity of ASLR and other memory protections, implementing new protections is difficult and resource intensive. That complexity also requires Microsoft to do a cost-benefit analysis and understand the overall additional protection for its customer base.

Not all security vulnerabilities are high enough risk to merit the potentially significant resources needed to fix them. This is a very delicate balance, and in the past Microsoft has decided to introduce major security changes in comprehensive service packs or the next version of Windows.

Since 32-bit Internet Explorer is not being patched for the disclosed vulnerability, potential additional protections against an ASLR bypass vulnerability include deploying Microsoft's Enhanced Mitigation Experience Toolkit and running Internet Explorer in a sandbox or secure VM. These protections could also defend against other future vulnerabilities similar to the ASLR bypass flaw. HP TippingPoint also has protections in place for its customers.
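As an added example (not part of the original article): Windows randomizes an image's load address only when the image opts in through the `DYNAMICBASE` bit in its PE header and still carries relocation data, so a useful audit before relying on ASLR is to check which browser modules and add-ons set it. The function and sample names below are hypothetical, and the sample headers are constructed for the demonstration.

```python
import struct

# Flag values from the PE/COFF specification.
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: image cannot be rebased
HIGH_ENTROPY_VA = 0x0020   # DllCharacteristics: 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # DllCharacteristics: image opts into ASLR
NX_COMPAT = 0x0100         # DllCharacteristics: image is DEP-compatible

def aslr_status(data: bytes) -> dict:
    """Return the ASLR-related header flags of a PE image given its bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                      # PE signature (4) + COFF header (20)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 72:
        raise ValueError("bad or truncated PE header")
    coff_chars = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    stripped = bool(coff_chars & RELOCS_STRIPPED)
    return {
        "bits": 32 if magic == 0x10B else 64,
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & NX_COMPAT),
        "relocs_stripped": stripped,
        # Without the opt-in bit, or without relocation data, the module
        # loads at its preferred (predictable) base address.
        "aslr_eligible": dynamic_base and not stripped,
    }

def build_sample(magic: int, dll_chars: int, coff_chars: int = 0x0102) -> bytes:
    """Constructed header-only sample (not a loadable program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xF0, coff_chars)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for name, img in [("opted-in.dll", build_sample(0x10B, 0x0140)),
                      ("legacy.dll", build_sample(0x10B, 0x0100))]:
        print(name, aslr_status(img))
```

To audit real files, pass `open(path, "rb").read()` to `aslr_status`; modules reported with `aslr_eligible` set to `False` are the ones to update, remove or cover with a forced-relocation mitigation.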


This was last published in February 2016
