Windows-Secure-Host-Baseline

SEHOP not enforced

Open mlosapio opened this issue 6 years ago • 2 comments

This STIG doesn't appear to be applied anywhere.

https://www.stigviewer.com/stig/windows_10/2016-11-03/finding/V-68849

It does flag on the compliance report:

FAILED WN10-00-000150: Structured Exception Handling Overwrite Protection (SEHOP) must be turned on.

mlosapio Apr 21 '18 22:04

Clarifying on this issue:

When attempting to use the SHB and subsequent compliance checks on a v1709 host, it returns a finding as listed above. This is due to the deprecation of EMET on v1709 and higher builds of W10.

The correct COA here would be to port over the EMET ruleset into Exploit Guard as a separate LGPO pack that can be applied to more modern versions of W10.

cryps1s Apr 21 '18 22:04

Ultimately this will be resolved once we post materials for when the next SHB is out (soon).

iadgovuser1 Apr 23 '18 19:04