From ce2bf055d879affdebccb9e35614e75388048784 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 6 Nov 2020 12:44:43 -0800 Subject: [PATCH] fixes --- .../microsoft-defender-atp/exploit-protection-reference.md | 2 +- .../exposed-apis-create-app-nativeapp.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md index 8e0b432b66..ba855cf88a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md @@ -402,7 +402,7 @@ Additionally, by enabling EAF+, this mitigation adds the PAGE_GUARD protection t Address Space Layout Randomization (ASLR) mitigates the risk of an attacker using their knowledge of the memory layout of the system in order to execute code that is already present in process memory and already marked as executable. This can mitigate the risk of an attacker leveraging techniques such as return-to-libc attacks, where the adversary sets the context and then modifies the return address to execute existing code with context that suits the adversary's purpose. -Mandatory ASLR forces a rebase of all DLLs within the process. A developer can enable ASLR using the [/DYNAMICBASE](https://docs.microsoft.com/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019) linker option, and this mitigation has the same effect. +Mandatory ASLR forces a rebase of all DLLs within the process. A developer can enable ASLR using the [/DYNAMICBASE](https://docs.microsoft.com/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019&preserve-view=true) linker option, and this mitigation has the same effect. When the memory manager is mapping in the image into the process, Mandatory ASLR will forcibly rebase DLLs and EXEs that have not opted in to ASLR. Note, however, that this rebasing has no entropy, and can therefore be placed at a predictable location in memory. For rebased and randomized location of binaries, this mitigation should be paired with [Randomize memory allocations (Bottom-up ASLR)](#randomize-memory-allocations-bottom-up-aslr). diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index 36d9d46439..4bbd942ec8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -69,11 +69,11 @@ This page explains how to create an AAD application, get an access token to Micr - **Note**: *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear. - ![Image of API access and API selection](images/add-permission.png) + ![add permission](images/add-permission.png) - Choose **Delegated permissions** > **Alert.Read** > select **Add permissions** - ![Image of API access and API selection](images/application-permissions-public-client.png) + ![application permissions](images/application-permissions-public-client.png) - **Important note**: Select the relevant permissions. Read alerts is only an example.