
Structured Exception Handling Overwrite Protection (SEHOP) must be turned on.


Overview

Finding ID: V-68847
Version: WIN00-000150
Rule ID: SV-83443r1_rule
IA Controls: (none listed)
Severity: High
Description
Attackers are constantly looking for vulnerabilities in systems and applications. Structured Exception Handling Overwrite Protection (SEHOP) blocks exploits that use the Structured Exception Handling overwrite technique, a common buffer overflow attack.
STIG: Windows 7 Security Technical Implementation Guide
Date: 2018-02-12

Details

Check Text (C-69319r3_chk)
If SEHOP is configured through the Enhanced Mitigation Experience Toolkit (EMET) (V-36706), this is NA.

Verify SEHOP is turned on.
If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Control\Session Manager\kernel\

Value Name: DisableExceptionChainValidation

Value Type: REG_DWORD
Value: 0
Fix Text (F-75021r1_fix)
Configure the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Control\Session Manager\kernel\

Value Name: DisableExceptionChainValidation

Value Type: REG_DWORD
Value: 0
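
The check and fix above can be scripted. The following PowerShell is an added example, not part of the STIG; the function name Test-SehopSetting and its output fields are illustrative. It does not evaluate the EMET (V-36706) not-applicable condition, which must be decided separately.

```powershell
# Added example: audit (and optionally fix) the SEHOP registry setting from this STIG item.
# Function name and output shape are illustrative, not part of the STIG.
function Test-SehopSetting {
    [CmdletBinding()]
    param(
        [switch]$Fix   # apply the Fix Text when the check fails (needs an elevated session)
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $name = 'DisableExceptionChainValidation'

    # Default result: a missing value is a finding, per the Check Text.
    $status = 'Finding'
    $detail = 'Registry value does not exist'
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

    if ($key -and ($key.GetValueNames() -contains $name)) {
        $kind  = $key.GetValueKind($name)
        $value = $key.GetValue($name)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # A string "0" would read as 0 but is not "configured as specified".
            $detail = "Value type is $kind, expected REG_DWORD"
        } elseif ($value -ne 0) {
            $detail = "Value is $value, expected 0"
        } else {
            $status = 'NotAFinding'
            $detail = 'REG_DWORD 0 is set'
        }
    }

    if ($status -eq 'Finding' -and $Fix) {
        # -Force replaces an existing value, including one of the wrong type.
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        return Test-SehopSetting   # re-check after writing
    }

    [pscustomobject]@{
        RuleId = 'SV-83443r1_rule'
        Status = $status
        Detail = $detail
    }
}

Test-SehopSetting
```

Run Test-SehopSetting -Fix from an elevated session to apply the Fix Text and re-check in one step.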