Oct 4, 10:44 am (UTC-7) | by Jasper Pimentel (Advanced Threats Researcher)
Last June, one of my blogs talked about how ASLR (Address Space Layout Randomization) would help prevent vulnerability attacks on Windows Vista by loading the code that runs the system into different memory locations. Recently, a paper has been released regarding a flaw present in the implementation of this security measure.
Here’s a summary of what the paper talks about: Although ASLR does randomize where processes are loaded into memory, the way it does so is fairly predictable. Based on how it is implemented, there are 256 ways of loading the code into memory, that is, 256 locations for the operating system to choose from. However, it uses only 32 of those 256 locations. This means that whenever it randomizes an address, it can use a single one frequently, making its location predictable for would-be attackers.
I share the same sentiments as the writer of the paper. Vista’s ASLR is far from utilizing its full potential. Improvements should definitely be made before this flaw can be used to facilitate another attack.
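To put numbers on the summary above, the following added example (not code from the paper or from this blog) estimates how much randomness a series of observed load positions actually carries. The function name `aslr_stats`, the slot-index input format and all three sample sets are assumptions constructed for illustration; only the figures 256 and 32 come from the text.

```python
import math
from collections import Counter

TOTAL_SLOTS = 256  # possible load locations, per the paper summary above


def aslr_stats(observed_slots, total_slots=TOTAL_SLOTS):
    """Summarise how unpredictable a series of observed load slots is.

    observed_slots: one slot index (0..total_slots-1) per observed load,
    e.g. the same module's position recorded across many reboots.
    """
    if not observed_slots:
        raise ValueError("need at least one observation")
    counts = Counter(observed_slots)
    n = len(observed_slots)
    p_max = max(counts.values()) / n
    shannon = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return {
        "distinct_slots": len(counts),
        "ideal_bits": math.log2(total_slots),   # if all slots were equally likely
        "shannon_bits": shannon,                # average unpredictability
        "min_entropy_bits": -math.log2(p_max),  # worst case: the favourite slot
        "top_slot_share": p_max,                # hit rate of one fixed guess
    }


# Constructed samples (not measurements): slot indices only, no real addresses.
# Which 32 slots are used is an arbitrary choice made for this example.
FULL = list(range(256)) * 4                 # all 256 slots, equally often
RESTRICTED = list(range(0, 256, 8)) * 32    # only 32 slots, equally often
SKEWED = [0] * 33 + list(range(8, 256, 8))  # 32 slots, one heavily favoured

if __name__ == "__main__":
    samples = (("full", FULL), ("restricted", RESTRICTED), ("skewed", SKEWED))
    for name, sample in samples:
        s = aslr_stats(sample)
        print(f"{name:10s} slots={s['distinct_slots']:3d} "
              f"shannon={s['shannon_bits']:.2f} "
              f"min={s['min_entropy_bits']:.2f} "
              f"top={s['top_slot_share']:.3f}")
```

Using 32 of 256 slots drops the ideal 8 bits to 5, and if one slot is favoured the min-entropy figure falls further even though the number of distinct slots stays at 32.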



