Delay load IAT is protected by CF guard, but is not marked as being in the separate section

ID PE060 Level INFO Category Security

Description

The Control Flow Guard security mitigation is enabled, and the executable uses delay-loaded libraries. The delay load import address table (IAT) is protected by Control Flow Guard, but it is not marked as being placed in a separate section. Placing the delay load IAT in a separate read-write section is recommended to keep compatibility with older operating system versions.

Read more information in the official Microsoft resources.

Mitigation

When using Visual C++:

  • Make sure you do not merge the delay load IAT section (usually .didat) with other sections.
  • Make sure you do not change the default attributes of the delay load IAT section. It should be read+write only.
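
One way to script this check over values already parsed from a PE file, as an added example (it is not the rule's own implementation). The flag values are the ones defined in winnt.h; the `Section` type, the finding labels and the sample layouts are constructed for illustration.

```python
from dataclasses import dataclass

# GuardFlags bits of IMAGE_LOAD_CONFIG_DIRECTORY (winnt.h)
IMAGE_GUARD_CF_INSTRUMENTED = 0x00000100
IMAGE_GUARD_PROTECT_DELAYLOAD_IAT = 0x00001000
IMAGE_GUARD_DELAYLOAD_IAT_IN_ITS_OWN_SECTION = 0x00002000
# Section header Characteristics bits (winnt.h)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

@dataclass
class Section:  # hypothetical holder for one parsed section header
    name: str
    rva: int
    size: int
    characteristics: int

def check_delay_iat(guard_flags, delay_iat_rva, sections):
    """Return finding labels (hypothetical names); an empty list means no issue."""
    protected = IMAGE_GUARD_CF_INSTRUMENTED | IMAGE_GUARD_PROTECT_DELAYLOAD_IAT
    if delay_iat_rva is None or (guard_flags & protected) != protected:
        return []  # no delay imports, or delay load IAT not under CFG protection
    findings = []
    if not guard_flags & IMAGE_GUARD_DELAYLOAD_IAT_IN_ITS_OWN_SECTION:
        findings.append("own-section-flag-missing")
    home = next((s for s in sections if s.rva <= delay_iat_rva < s.rva + s.size), None)
    if home is None:
        findings.append("iat-outside-sections")
        return findings
    if home.name != ".didat":  # usual name; another name suggests a merge
        findings.append("iat-not-in-didat")
    if (home.characteristics & (RW | IMAGE_SCN_MEM_EXECUTE)) != RW:
        findings.append("section-not-read-write-only")
    return findings

# Constructed sample layouts (not taken from a real binary)
TEXT = Section(".text", 0x1000, 0x5000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE)
RDATA = Section(".rdata", 0x6000, 0x2000, IMAGE_SCN_MEM_READ)
DIDAT = Section(".didat", 0x8000, 0x1000, RW)
CFG = IMAGE_GUARD_CF_INSTRUMENTED | IMAGE_GUARD_PROTECT_DELAYLOAD_IAT

if __name__ == "__main__":
    print(check_delay_iat(CFG, 0x8000, [TEXT, RDATA, DIDAT]))  # separate section, flag unset
    print(check_delay_iat(CFG, 0x6100, [TEXT, RDATA]))         # IAT merged into .rdata
```

The inputs correspond to the `GuardFlags` field of the load configuration directory, the import address table RVA from the delay import descriptor, and the section headers, as read by whichever PE parser is in use.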

Arguments

This rule has no output arguments.