deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Denise Vangel-MSFT
2020-11-06 12:44:43 -08:00
parent 3520b68b54
commit ce2bf055d8
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md
View File

@ -402,7 +402,7 @@ Additionally, by enabling EAF+, this mitigation adds the PAGE_GUARD protection t
Address Space Layout Randomization (ASLR) mitigates the risk of an attacker using their knowledge of the memory layout of the system in order to execute code that is already present in process memory and already marked as executable. This can mitigate the risk of an attacker leveraging techniques such as return-to-libc attacks, where the adversary sets the context and then modifies the return address to execute existing code with context that suits the adversary's purpose.
Mandatory ASLR forces a rebase of all DLLs within the process. A developer can enable ASLR using the [/DYNAMICBASE](https://docs.microsoft.com/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019) linker option, and this mitigation has the same effect.
Mandatory ASLR forces a rebase of all DLLs within the process. A developer can enable ASLR using the [/DYNAMICBASE](https://docs.microsoft.com/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019&preserve-view=true) linker option, and this mitigation has the same effect.
When the memory manager is mapping in the image into the process, Mandatory ASLR will forcibly rebase DLLs and EXEs that have not opted in to ASLR. Note, however, that this rebasing has no entropy, and can therefore be placed at a predictable location in memory. For rebased and randomized location of binaries, this mitigation should be paired with [Randomize memory allocations (Bottom-up ASLR)](#randomize-memory-allocations-bottom-up-aslr).

4
windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
View File

@ -69,11 +69,11 @@ This page explains how to create an AAD application, get an access token to Micr
- **Note**: *WindowsDefenderATP* does not appear in the original list. Start writing its name in the text box to see it appear.
![Image of API access and API selection](images/add-permission.png)
![add permission](images/add-permission.png)
- Choose **Delegated permissions** > **Alert.Read** > select **Add permissions**
![Image of API access and API selection](images/application-permissions-public-client.png)
![application permissions](images/application-permissions-public-client.png)
- **Important note**: Select the relevant permissions. Read alerts is only an example.