Skip to content
This repository has been archived by the owner on Jun 13, 2023. It is now read-only.

SEHOP not enforced #50

Open
mlosapio opened this issue Apr 21, 2018 · 2 comments
Open

SEHOP not enforced #50

mlosapio opened this issue Apr 21, 2018 · 2 comments
Assignees
@iadgovuser1
Labels
enhancement

Comments

@mlosapio
Copy link

This STIG doesn't appear to be applied anywhere.

https://www.stigviewer.com/stig/windows_10/2016-11-03/finding/V-68849

It does flag on the compliance report:

FAILED WN10-00-000150: Structured Exception Handling Overwrite Protection (SEHOP) must be turned on.
@mlosapio mlosapio mentioned this issue Apr 21, 2018
Closed
@cryps1s
Copy link

cryps1s commented Apr 21, 2018

Clarifying on this issue:

When attempting to use the SHB and subsequent compliance checks on a v1709 host, it returns a finding as listed above. This is due to the deprecation of EMET on v1709 and higher builds of W10.

The correct COA here would be to port over the EMET ruleset into exploit guard as a separate lgpo pack that can be applied to more modern versions of W10.

@iadgovuser1
Copy link
Contributor

Ultimately this will be resolved once we post materials for when the next SHB is out (soon).

@iadgovuser1 iadgovuser1 self-assigned this Apr 23, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@iadgovuser1 iadgovuser1

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cryps1s @mlosapio @iadgovuser1