Exploit Protection: Structured Exception Handling Overwrite Protection (SEHOP) must be enabled


Attackers are constantly looking for vulnerabilities in systems and applications. Structured Exception Handling Overwrite Protection (SEHOP) blocks exploits that use the Structured Exception Handling overwrite technique, a common buffer overflow attack.


To fix this, configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MS Security Guide
|_ "Enable Structured Exception Handling Overwrite Protection (SEHOP)" to "Enabled".

This policy setting requires the installation of the SecGuide custom templates. "SecGuide.admx" and "SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. For domain controllers, use the C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\ folder.

Available here: https://www.microsoft.com/en-us/download/details.aspx?id=55319 / https://public.cyber.mil/stigs/gpo/
or at the EventSentry GitHub repository here: https://github.com/eventsentry/resources
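
One way to verify the result on the local machine, as an added example that is not part of the original page or EventSentry's own check: it reads the registry value the SEHOP policy sets (`DisableExceptionChainValidation` under the Session Manager `kernel` key, which must be 0) and confirms the SecGuide templates are in the PolicyDefinitions folders named above. The function names are hypothetical, and treating a missing value as non-compliant is this example's choice.

```powershell
# Added example: audit SEHOP state and SecGuide template presence (read-only).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$ValueName = 'DisableExceptionChainValidation'

function Get-SehopState {
    # 'Enabled'       -> value present and 0 (policy set to "Enabled")
    # 'Disabled'      -> value present and non-zero
    # 'NotConfigured' -> value absent (policy never applied)
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ([int]$item.$ValueName -eq 0) { return 'Enabled' }
    return 'Disabled'
}

function Test-SecGuideTemplates {
    # Default root is the local store; on a domain controller pass the
    # SYSVOL PolicyDefinitions folder as -Root instead.
    param([string]$Root = (Join-Path $env:SystemRoot 'PolicyDefinitions'))
    [pscustomobject]@{
        Root = $Root
        Admx = Test-Path -LiteralPath (Join-Path $Root 'SecGuide.admx')
        Adml = Test-Path -LiteralPath (Join-Path $Root 'en-US\SecGuide.adml')
    }
}

$state     = Get-SehopState
$templates = Test-SecGuideTemplates

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    SehopState    = $state
    Compliant     = ($state -eq 'Enabled')
    SecGuideAdmx  = $templates.Admx
    SecGuideAdml  = $templates.Adml
    TemplateRoot  = $templates.Root
} | Format-List

# A missing template does not change the registry result, but it explains why
# the "MS Security Guide" node is absent from the Group Policy editor.
if (-not ($templates.Admx -and $templates.Adml)) {
    Write-Warning "SecGuide templates not found under $($templates.Root)"
}

# Non-zero exit code lets a scheduler or compliance runner flag the host.
if ($state -ne 'Enabled') { exit 1 }
```
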

STIG: Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2023-09-29/finding/V-253284
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2023-09-29/finding/V-220727 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220727

NIST 800-53: CM-7(2)
NIST 800-171 Rev 2: 3.4.7
NIST 800-171 Rev 3 FPD: 3.4.8.a, 3.4.8.b, 3.4.8.c
CMMC v2 L2: CM.L2-3.4.7