Address Space Layout Randomization (ASLR) in Windows Vista Beta2?

UPDATE:  Mike Howard has posted to his blog, confirming David and providing details on the Vista ASLR features.


So, a couple of weeks ago, Jesper Johannsen wrote how the Windows Firewall was one of his favorite security features in Windows Vista.  My favorite security enhancements tend to be architectural security improvements.  I recall the Data Execution Prevention and NX bit support as two good previous examples of this.


I’ve just noticed a full-disclosure post from David Litchfield of NGS Software, asserting that he has confirmed ASLR functionality as part of Vista Beta2.  I note that this security enhancement was not discussed as part of the Vista Security paper that was posted yesterday, but if it did make it into Beta2, it is a great enhancement for Vista.  In David’s words:

Address Space Layout Randomization is now part of Vista as of beta 2 [1]. I
wrote about ASLR on the Windows platform back in September last year [2] and
noted that unless you rebase the image exe then little (not none!) is added.
ASLR in Vista solves this so remote exploitation of overflows has just got a
lot harder. I’ve not done a thorough analysis yet but, all going well, this
is a fantastic way for Microsoft to go and builds on the work done with
NX/DEP and stack cookies/canaries.



David Litchfield

With only a slight amount of searching I did find “Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform”, a paper published by David last September.


I’m looking forward to further confirmation from David and/or other researchers and the results of the “thorough analysis” that David implies that he is working on.


Think Security ~Jeff

About the Author
Jeff Jones

Principal Cybersecurity Strategist
