CF guard is disabled

ID: PE020
Level: ERROR
Category: Security

Description

The Control Flow Guard (CFG) mitigation is disabled. Without it, memory corruption vulnerabilities are easier to exploit, because an attacker can more readily take control of the execution flow.

CFG enumerates all indirect call targets and injects a check before every indirect call in the code. This ensures that every such call goes to a known, safe location.

Read more in the official Microsoft resources.

Mitigation

If using Visual C++:

  • Pass the /guard:cf option to both the compiler and the linker when building the executable.
  • Make sure you also pass the /DYNAMICBASE option to the linker, which is a prerequisite for CFG.
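
To confirm that a build picked up both options, the two corresponding flags can be read from the `DllCharacteristics` field of the PE optional header. The script below is an added example, not this rule's own implementation: the function names are hypothetical, the sample headers are constructed in memory, and it inspects only the header flags, not the load configuration directory.

```python
import struct

# Flag values from the PE format specification (IMAGE_DLLCHARACTERISTICS_*).
DYNAMIC_BASE = 0x0040   # set by /DYNAMICBASE
GUARD_CF = 0x4000       # set by /guard:cf

def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 4 + 20                              # skip signature + COFF header
    if len(data) < opt + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    return struct.unpack_from("<H", data, opt + 70)[0]

def check_cfg(data: bytes) -> list:
    """Return a list of findings; an empty list means both flags are present."""
    flags = dll_characteristics(data)
    findings = []
    if not flags & GUARD_CF:
        findings.append("GUARD_CF flag not set (built without /guard:cf)")
    if not flags & DYNAMIC_BASE:
        findings.append("DYNAMIC_BASE flag not set (linked without /DYNAMICBASE)")
    return findings

def sample_image(flags: int, magic: int = 0x20B) -> bytes:
    """Constructed minimal header (not a loadable binary) for demonstration."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    optional = bytearray(72)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, flags)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(optional)

if __name__ == "__main__":
    # Constructed flag values: both set, CFG missing, both missing.
    for name, flags in [("hardened", 0x4140), ("no-cfg", 0x0140), ("neither", 0x0100)]:
        print(name, check_cfg(sample_image(flags)) or "ok")
```

For a real binary, pass the file contents to `check_cfg()` instead of a constructed header.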

Arguments

This rule has no output arguments.