Information
This setting determines how applications become enrolled in Address Space Layout Randomization (ASLR).
The recommended state for this setting is: Enabled: Application Opt-In.
Rationale:
ASLR reduces the predictability of process memory, which in-turn helps reduce the reliability of exploits targeting memory corruption vulnerabilities.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled: Application Opt-In:
Computer Configuration\Policies\Administrative Templates\Windows Components\EMET\System ASLR
Note: This Group Policy path does not exist by default. An additional Group Policy template (EMET.admx/adml) is required - it is included with Microsoft Enhanced Mitigation Experience Toolkit (EMET).
Impact:
ASLR protections will be enabled on applications that have been configured for it in EMET.
Default Value:
User configured.
References:
1. CCE-35483-7