XF guard is disabled

ID: PE062
Level: INFO
Category: Security

Description

The Extended Flow Guard (XFG) security mitigation is disabled. XFG is an extended version of the Control Flow Guard (CFG) security mitigation with stricter, hash-based call target checking. It makes taking control of the execution flow more difficult for an attacker.

Note that XFG is currently not documented by Microsoft and may be considered experimental.

Mitigation

When using Visual C++:

  • Pass the /guard:xfg option to both the compiler and the linker when building the executable.
  • Note that XFG cannot be used with incremental link-time code generation (iLTCG). When using link-time code generation, pass the /LTCG option to the linker instead of /LTCG:incremental.
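
An added example, not part of the original rule documentation or of the tool that reports PE062: a small Python check that applies the two points above to a build log. The log lines and the names SAMPLE_LOG, audit_line and audit_build_log are constructed for illustration; it assumes one cl or link invocation per line and does not expand response files.

```python
import shlex

# Constructed sample build log (not from the page): one tool invocation per line.
SAMPLE_LOG = r"""cl.exe /nologo /c /O2 /GL /guard:xfg src\main.c
cl.exe /nologo /c /O2 /GL /guard:cf src\util.c
link.exe /NOLOGO /OUT:app.exe /GUARD:XFG /LTCG:INCREMENTAL main.obj util.obj
link.exe -nologo -out:tool.exe -ltcg tool.obj
"""

def _options(tokens, fold_case):
    """Return option tokens with a uniform '/' prefix ('-' is accepted by both tools)."""
    opts = ["/" + t[1:] for t in tokens if t[:1] in ("/", "-")]
    return [o.lower() for o in opts] if fold_case else opts

def audit_line(line):
    """Return findings for one cl/link command line; [] if compliant or not a build tool."""
    tokens = shlex.split(line, posix=False)  # posix=False keeps backslashes in paths
    if not tokens:
        return []
    tool = tokens[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    tool = tool[:-4] if tool.endswith(".exe") else tool
    findings = []
    if tool == "cl":
        # cl option names are case-sensitive, so /guard:xfg must match exactly.
        if "/guard:xfg" not in _options(tokens[1:], fold_case=False):
            findings.append("compiler: /guard:xfg not passed")
    elif tool == "link":
        # link option names are case-insensitive, so compare in lower case.
        opts = _options(tokens[1:], fold_case=True)
        if "/guard:xfg" not in opts:
            findings.append("linker: /guard:xfg not passed")
        if "/ltcg:incremental" in opts:
            findings.append("linker: /LTCG:incremental used; XFG needs plain /LTCG")
    return findings

def audit_build_log(text):
    """Map 1-based line number -> findings, for lines that have any."""
    report = {}
    for n, line in enumerate(text.splitlines(), start=1):
        found = audit_line(line)
        if found:
            report[n] = found
    return report

if __name__ == "__main__":
    for n, found in audit_build_log(SAMPLE_LOG).items():
        print(n, found)
```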

Arguments

This rule has no output arguments.