CET stack protection is not enabled
ID: PE080, Level: WARNING, Category: Security
Description
CET-based (Intel Control Flow Enforcement Technology) stack protection is not enabled for the executable.
A shadow stack is a hardware-enforced read-only memory region that helps keep a record of the intended control flow of the program.
On supported hardware, call instructions push the return address on both stacks, and return instructions compare the values and issue a CPU exception if there is a return address mismatch.
Having this mitigation disabled may make exploitation of some vulnerabilities easier, and may make it easier for an attacker to take control of the execution flow.
Mitigation
If using Visual C++:
- Enable CET stack protection by providing the /CETCOMPAT option to the linker.
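To confirm that a rebuilt binary actually carries the marker, the following added example (not part of this rule's documentation or the scanner's own code) reads the PE debug directory and tests the CET_COMPAT bit of the extended DLL characteristics entry. The constants come from the PE format; the function names `is_cet_compat` and `build_sample` are hypothetical, and the sample image is a constructed header layout, not a real executable.

```python
import struct

IMAGE_DIRECTORY_ENTRY_DEBUG = 6
IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS = 20
IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT = 0x0001

def is_cet_compat(pe: bytes) -> bool:
    """True if the image carries the extended DLL characteristics CET_COMPAT bit."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", pe, nt + 6)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0] # SizeOfOptionalHeader
    opt = nt + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    ndirs = struct.unpack_from("<I", pe, opt + (108 if pe32plus else 92))[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_DEBUG:
        return False
    rva, size = struct.unpack_from("<II", pe, opt + (112 if pe32plus else 96) + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG)
    # Map the debug directory RVA to a file offset through the section table.
    off = None
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            off = rva - vaddr + rptr
    if off is None:
        return False
    # Walk the 28-byte IMAGE_DEBUG_DIRECTORY entries looking for type 20.
    for entry in range(off, off + size - 27, 28):
        dtype, dsize, _, dptr = struct.unpack_from("<IIII", pe, entry + 12)
        if dtype == IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS and dsize >= 4:
            flags = struct.unpack_from("<I", pe, dptr)[0]
            return bool(flags & IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT)
    return False

def build_sample(ex_flags=None) -> bytes:
    """Constructed minimal PE32+ layout (headers plus one .rdata section), not a runnable binary."""
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)               # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                # NumberOfRvaAndSizes
    if ex_flags is not None:                            # None = no debug directory at all
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG, 0x1000, 28)
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22) + bytes(opt)
           + struct.pack("<8sIIII16x", b".rdata", 0x200, 0x1000, 0x200, 0x200))
    dbg = struct.pack("<IIHHIIII", 0, 0, 0, 0, 20, 4, 0x1020, 0x220)
    return hdr.ljust(0x200, b"\0") + dbg.ljust(0x20, b"\0") + struct.pack("<I", ex_flags or 0)
```

For a real build, pass the file's bytes to `is_cet_compat`; an image with no debug directory, or with no type 20 entry, is reported as not CET compatible.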
Arguments
This rule has no output arguments.