Missing Microsoft ASLR Mitigation Leaves Windows Apps Vulnerable Across Linux Distros

Leading Linux distributions are leaving Windows apps open to attack because an ASLR mitigation that appears to be in place is actually missing.

Windows applications running on numerous distributions are vulnerable because of a problem in the Linux compiling tool for building apps. Mingw-w64, or Minimalist GNU for Windows for 64-bit PCs, is not implementing Microsoft's address space layout randomization (ASLR) mitigation.

If you are unfamiliar with ASLR, it is a defence that prevents code-execution attacks that rely on predictable memory locations on an operating system. It does this by literally randomizing program load addresses. The feature is a mainstay across Windows, Linux, Android, iOS and macOS.

Carnegie Mellon University's computer emergency response team (CERT/CC) says “mingw-w64 produces executable Windows files without a relocations table by default, which breaks compatibility with ASLR”.

It is worth pointing out that CERT/CC has hardly embraced ASLR in the past. Indeed, CERT researcher Will Dormann said last year “Starting with Windows 8.0, system-wide mandatory ASLR (enabled via EMET) has zero entropy, essentially making it worthless. Exploit Guard for is in the same boat.”

Dormann is the researcher discussing the lack of ASLR in Linux distributions. He says developers have been using mingw-w64 to create Windows executables for five years. These should all be compatible with the ASLR mitigation. However, that is not the case because a necessary “relocations table” is missing.

Easy Access

As a result, many vulnerabilities will be easier to exploit in Windows apps on Linux. Dormann explains that while appearing to have ASLR, the executables actually lack the mitigation:

“For ASLR to function, Windows executables must contain a relocations table. Despite containing the ‘Dynamic base’ PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.”

CERT/CC says the flaw can be found in many leading Linux distributions. Among those affected are Debian, Red Hat, Ubuntu, SUSE Linux, Arch Linux, CentOS, and many more. Researchers say they notified the software vendors in late July and are awaiting a response.
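
An added example, not from the article or from CERT/CC: a header-only check for the condition Dormann describes, a Windows executable that sets the "Dynamic base" flag but carries no relocations table. The function names and sample headers are constructed for illustration, and treating either a set IMAGE_FILE_RELOCS_STRIPPED flag or an empty base relocation directory as "no relocations table" is this example's assumption.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE ("Dynamic base")
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)
BASERELOC = 5             # IMAGE_DIRECTORY_ENTRY_BASERELOC

def aslr_status(pe: bytes) -> str:
    """Return 'aslr-ok', 'no-dynamic-base' or 'dynamic-base-without-relocs'."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (file_chars,) = struct.unpack_from("<H", pe, nt + 22)
    opt = nt + 24                                        # optional header start
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)         # data directory array
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
    (ndirs,) = struct.unpack_from("<I", pe, dirs - 4)    # NumberOfRvaAndSizes
    rva = size = 0
    if ndirs > BASERELOC:
        rva, size = struct.unpack_from("<II", pe, dirs + 8 * BASERELOC)
    # Assumption of this example: a stripped flag or an empty directory
    # both count as "no relocations table".
    has_relocs = not (file_chars & RELOCS_STRIPPED) and rva != 0 and size != 0
    if not dll_chars & DYNAMIC_BASE:
        return "no-dynamic-base"
    return "aslr-ok" if has_relocs else "dynamic-base-without-relocs"

def sample_pe(dll_chars, file_chars, reloc=(0, 0), magic=0x20B) -> bytes:
    """Constructed header-only image for the demo; not a real executable."""
    dirs = 96 if magic == 0x10B else 112
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dirs - 4, 16)
    struct.pack_into("<II", opt, dirs + 8 * BASERELOC, *reloc)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    machine = 0x14C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), file_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(aslr_status(sample_pe(DYNAMIC_BASE, RELOCS_STRIPPED)))
    print(aslr_status(sample_pe(DYNAMIC_BASE, 0, (0x3000, 0x200))))
```

To audit a real build output, pass the file's bytes to `aslr_status`; only the headers are read.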

Source: CERT/CC
Luke Jones