Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-77095 | WN10-EP-000030 | SV-91791r1_rule | Medium |
Description |
---|
Exploit protection in Windows 10 enables mitigations against potential threats at the system and application level. Several mitigations, including "Randomize memory allocations (Bottom-Up ASLR)", are enabled by default at the system level. Bottom-Up ASLR (address space layout randomization) randomizes locations for virtual memory allocations, including those for system structures. If this is turned off, Windows 10 may be subject to various exploits. |
STIG | Date |
---|---|
Windows 10 Security Technical Implementation Guide | 2017-12-01 |
Check Text ( C-76705r2_chk ) |
---|
This is NA prior to v1709 of Windows 10. Run "Windows PowerShell" with elevated privileges (run as administrator). Enter "Get-ProcessMitigation -System". If the status of "ASLR: BottomUp" is "OFF", this is a finding. Values that would not be a finding include: ON NOTSET |
Fix Text (F-83793r2_fix) |
---|
Ensure Exploit Protection system-level mitigation, "Randomize memory allocations (Bottom-Up ASLR)" is turned on. Open "Windows Defender Security Center". Select "App & browser control". Select "Exploit protection settings". Under "System settings", configure "Randomize memory allocations (Bottom-Up ASLR)" to "On by default" or "Use default ( |