SQ14126

Detected Windows executable files that do not implement XFG vulnerability mitigation protection.

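| priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
|----------|--------------|----------|--------|------------|-----------------|
| None     | pass         | low      | high   | None       | None            |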

About the issue

Extreme Control Flow Guard (XFG) protects the code flow integrity by ensuring that indirect calls are made only to vetted functions. This mitigation protects dynamically resolved function targets by instrumenting the code responsible for transferring execution control. Because the code flow integrity is verified during runtime, malicious code is less likely to be able to hijack trusted execution paths.

How to resolve the issue

  • This mitigation option is considered an improvement to the existing control flow guard, but it is not a replacement for it. Both vulnerability mitigations can coexist in the same application, with the control flow guard mitigation used as a fallback on operating systems that do not support its extreme version. The difference between these two mitigations is most noticeable in higher-level programming languages that can discern between function pointers based on their respective signatures. In this case, the extreme control flow guard offers fine-grained code execution control.
  • This vulnerability mitigation option has not yet been made available to Microsoft Visual Studio users.
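
To see how the two mitigations coexist in one binary, the following added example (not ReversingLabs or Spectra Assure code) reads the CFG and XFG markers from a PE image's optional header and load configuration directory. It assumes the flag values defined in the Windows SDK's winnt.h; `guard_status` and `sample_pe64` are hypothetical names, and the test image is constructed inline.

```python
import struct

GUARD_CF_DLLCHAR = 0x4000     # IMAGE_DLLCHARACTERISTICS_GUARD_CF (optional header)
CF_INSTRUMENTED = 0x00000100  # IMAGE_GUARD_CF_INSTRUMENTED (load config GuardFlags)
XFG_ENABLED = 0x00800000      # IMAGE_GUARD_XFG_ENABLED (load config GuardFlags)

def guard_status(pe: bytes) -> dict:
    """Report CFG/XFG markers from a PE image's optional header and load config."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    magic, dllchar = struct.unpack_from("<H68xH", pe, opt)
    dirs, flags_off = (opt + 112, 0x90) if magic == 0x20B else (opt + 96, 0x58)
    count = struct.unpack_from("<I", pe, dirs - 4)[0]
    rva = struct.unpack_from("<I", pe, dirs + 10 * 8)[0] if count > 10 else 0
    flags = 0
    for i in range(nsec):  # map the load config RVA to a file offset
        vsize, vaddr, rsize, raw = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if rva and vaddr <= rva < vaddr + max(vsize, rsize):
            cfg_off = raw + rva - vaddr
            size = struct.unpack_from("<I", pe, cfg_off)[0]
            if size >= flags_off + 4:  # older load configs end before GuardFlags
                flags = struct.unpack_from("<I", pe, cfg_off + flags_off)[0]
    return {"cfg": bool(dllchar & GUARD_CF_DLLCHAR and flags & CF_INSTRUMENTED),
            "xfg": bool(flags & XFG_ENABLED)}

def sample_pe64(guard_flags: int, cfg_size: int = 0x140) -> bytes:
    """Constructed minimal PE32+ image: headers, one section, a load config directory."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    struct.pack_into("<H", opt, 70, GUARD_CF_DLLCHAR)     # DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 10 * 8, 0x1000, cfg_size)  # load config entry
    sect = b".rdata\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    cfg = bytearray(0x200)
    struct.pack_into("<I", cfg, 0, cfg_size)              # load config Size field
    struct.pack_into("<I", cfg, 0x90, guard_flags)        # GuardFlags (64-bit layout)
    return (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0") + bytes(cfg)

if __name__ == "__main__":
    print(guard_status(sample_pe64(CF_INSTRUMENTED)))  # CFG only, no XFG
```

A result with `cfg` true and `xfg` false describes a binary that still has the fallback mitigation but would be reported under this policy.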

Incidence statistics

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.

This section is updated when new data becomes available.

Total number of packages analyzed

  • RubyGems: 183K
  • NuGet: 644K
  • PyPI: 628K
  • npm: 3.72M

Statistics are not collected for the SQ14126 policy at this time, or are not applicable to this type of issue.