Slashdot Mirror


Windows 8 and Later Fail To Properly Apply ASLR (bleepingcomputer.com)

An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have enabled system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode.

The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-year-old bug in the Microsoft Office equation editor, for which Microsoft appears to have lost the source code and needed to patch it manually.
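As an added example (not code from the article, CERT or Microsoft), a PowerShell check that reads the system-wide mitigation policy and reports whether the machine is in the mode the summary describes: force-relocate on without bottom-up ASLR. The registry location and the nibble layout it decodes (force-relocate in nibble 2, bottom-up ASLR in nibble 4, high-entropy ASLR in nibble 5; 1 = always on, 2 = always off, 0 = not set) are assumptions taken from the PROCESS_CREATION_MITIGATION_POLICY constants.

```powershell
# Added check script (assumption: system-wide mitigation policy is stored here
# as REG_BINARY or REG_QWORD in PROCESS_CREATION_MITIGATION_POLICY layout).
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'
$valueName = 'MitigationOptions'

function Get-NibbleState([byte[]]$bytes, [int]$nibble) {
    # Nibble n lives in byte floor(n/2); even nibbles are the low 4 bits.
    $byteIndex = [math]::Floor($nibble / 2)
    if ($byteIndex -ge $bytes.Length) { return 'NOTSET' }
    $b = $bytes[$byteIndex]
    $v = if ($nibble % 2 -eq 0) { $b -band 0x0F } else { ($b -shr 4) -band 0x0F }
    switch ($v) { 1 { 'ON' } 2 { 'OFF' } default { 'NOTSET' } }
}

$raw = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $raw) {
    Write-Output "$valueName is not set: no system-wide ASLR policy is enforced, so the affected mode is not active."
    return
}
# Normalise a QWORD value to the same little-endian byte array a REG_BINARY gives.
[byte[]]$bytes = if ($raw -is [byte[]]) { $raw } else { [BitConverter]::GetBytes([uint64]$raw) }

$forceRelocate = Get-NibbleState $bytes 2   # assumed nibble for ForceRelocateImages
$bottomUp      = Get-NibbleState $bytes 4   # assumed nibble for BottomUp ASLR
$highEntropy   = Get-NibbleState $bytes 5   # assumed nibble for HighEntropy ASLR

Write-Output "ForceRelocateImages : $forceRelocate"
Write-Output "BottomUpASLR        : $bottomUp"
Write-Output "HighEntropyASLR     : $highEntropy"

if ($forceRelocate -eq 'ON' -and $bottomUp -ne 'ON') {
    Write-Warning 'System-wide force-relocate is on but bottom-up ASLR is not: relocated images get no randomisation. Enable bottom-up ASLR system-wide as well.'
} elseif ($forceRelocate -eq 'ON') {
    Write-Output 'System-wide ASLR is in bottom-up mode, the configuration the summary recommends.'
}
```

Run from an elevated prompt on the host being audited; the script only reads the value and changes nothing.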

2 of 62 comments

  1. Re:I'm amazed it took this long to notice by Anonymous Coward · Score: 4, Interesting

    Maybe they did notice. Maybe somebody told them that ASLR was making things hard for certain agencies, domestic or foreign. Maybe somebody told them to tell everyone the address space was randomized when in fact it was not.

  2. You fucking useless editors by Anonymous Coward · Score: 2, Interesting

    Here's a better article about the Office patch: https://arstechnica.com/gadgets/2017/11/microsoft-patches-equation-editor-flaw-without-fixing-the-source-code/

    From the article:

    A look at the Equation Editor's embedded version information also gives clues as to why Microsoft had to take this approach in the first place. It's a third-party tool, developed between 1990 and 2000 by a company named Design Science. That company still exists and is still producing equation editing software, but if we were to guess, Microsoft either doesn't have the source code at all or does not have permission to make fixes to it.

    There's no indication that the source code was "lost". They may very well have never had it.