WINDOWS VULNERABILITY MITIGATIONS:
RAISING THE BAR AND COSTS FOR THE BAD GUYS
No mitigations
• DEP
• /GS
• SafeSEH
• Heap hardening v1
• ASLR v1
• SEHOP
• Heap hardening v2
• ASLR v2
• Kernel SMEP &
DEP
• Heap hardening v3
• CFG
Exploitation was not
inhibited
• Data can't be
executed as code
• Protection for stack
buffers, exception
chains, and heap
metadata
• Memory layout is
randomized
• Improved
protection for
exception chains
and heap metadata
• Improved memory
layout
randomization
• Improved
protection for heap
metadata & buffers
Only valid functions
can be called
indirectly
