CF guard is enabled, but delay load IAT is not protected

ID PE059 Level WARNING Category Security

Description

Control flow guard security mitigation is enabled, and the executable uses delay loaded libraries. The delay load import address table (IAT) is not protected by the control flow guard. This reduces the protection level offered by the control flow guard.

Mitigation

Make sure your compiler supports protecting delay load IAT. Do not disable delay load IAT protection when using the CFG. Visual C++ compiler protects it by default when enabling CFG.

Arguments

This rule has no output arguments.