To quote MSDN:
Control Flow Guard (CFG) is a highly optimized security platform that was created to deal with memory corruption vulnerabilities. By setting tight limits on where the application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.
We strongly recommend that developers enable CFG for their applications. You do not need to include CFG for every part of your code, as a mixture of the included CFG and the code that does not support CFG will work perfectly. But failure to enable CFG for all code can open security gaps. In addition, CFG-code works fine in versions of "CFG-Unaware" Windows and, therefore, is fully compatible with them.
So when will I not turn it on?
Or in other words, what do I need to check about my code before I enable it, and what are the risks?