Researchers found a way to bypass Microsoft's Control Flow Guard in Windows


Control Flow Guard (CFG) is a platform security feature in Windows that was created to combat memory corruption vulnerabilities. CFG restricts the addresses from which an application can execute code, which makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows. Now a group of researchers from the University of Padua in Italy has found a way to bypass Control Flow Guard. According to the researchers, they took advantage of a design flaw in CFG to call portions of code that CFG should not allow.

“The [control flow] restriction is precise only when the allowed targets are aligned to 16 bytes,” Biondo says. “If they are not, then there is a 16-byte imprecision around the target” that attackers can take advantage of to bypass CFG, he notes.
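As an added illustration (not from the article and not Microsoft's implementation), the following Python model shows why a target bitmap with 16-byte granularity is precise only for aligned targets; the two-bit chunk states, the function names and all addresses are assumptions made for this example.

```python
# Added example: a simplified model of a CFG-style valid-target bitmap.
# Assumed encoding (an assumption for illustration, not Microsoft's exact layout):
# each 16-byte chunk of code carries a 2-bit state:
#   0 = no valid call target in the chunk
#   1 = only the 16-byte-aligned address of the chunk is a valid target
#   3 = a valid target is not aligned, so every address in the chunk is accepted

CHUNK = 16
NONE, ALIGNED_ONLY, ANY_IN_CHUNK = 0, 1, 3


def build_bitmap(valid_targets):
    """Map chunk index -> state for the given set of legitimate call targets."""
    bitmap = {}
    for addr in valid_targets:
        idx = addr // CHUNK
        if addr % CHUNK == 0:
            # aligned target: keep ANY_IN_CHUNK if a misaligned target already set it
            bitmap[idx] = bitmap.get(idx, NONE) | ALIGNED_ONLY
        else:
            # misaligned target: the coarse bitmap cannot single it out
            bitmap[idx] = ANY_IN_CHUNK
    return bitmap


def check_icall_target(bitmap, addr):
    """The guard check an indirect call performs before transferring control."""
    state = bitmap.get(addr // CHUNK, NONE)
    if state == ANY_IN_CHUNK:
        return True
    if state == ALIGNED_ONLY:
        return addr % CHUNK == 0
    return False


def over_approved_addresses(bitmap, valid_targets):
    """Addresses the guard accepts that are not legitimate targets: the imprecision."""
    valid = set(valid_targets)
    extra = []
    for idx, state in bitmap.items():
        if state == ANY_IN_CHUNK:
            base = idx * CHUNK
            extra.extend(a for a in range(base, base + CHUNK) if a not in valid)
    return sorted(extra)


def misaligned_targets(valid_targets):
    """Audit helper: legitimate targets that are not 16-byte aligned."""
    return sorted(a for a in valid_targets if a % CHUNK != 0)


# Constructed sample: one aligned function entry and one misaligned entry.
SAMPLE_TARGETS = [0x1000, 0x2008]
```

With the sample targets, the aligned entry at 0x1000 admits only itself, while the misaligned entry at 0x2008 causes the whole 0x2000-0x200f chunk to pass the check.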

The researchers have named this technique the Back to the Epilogue (BATE) attack. Microsoft is aware of this security issue, and the fix will be released as part of the upcoming Windows 10 RS4 release.

Learn more about this issue here.
