![HOW TO: Prevent the ROP Exploit [RCE] People Are Using.](/tipsimgs/cache/tipsimgs/imgs/callofdutymodernwarfare2multiplayerhowtopreventtheropexploitrcepeopleareusing-tips-s650x366.jpg)
Basically The Jist...
![HOW TO: Prevent the ROP Exploit [RCE] People Are Using. image 1](https://steamuserimages-a.akamaihd.net/ugc/2439138553932283702/DEC1D0269D9F92CDBD4A2A1E32862A727DF7889F/)
![HOW TO: Prevent the ROP Exploit [RCE] People Are Using. image 2](https://steamuserimages-a.akamaihd.net/ugc/2439138553932283884/5E786EAD7C270BA5348A62B4E0D1371FB6579D12/)
![HOW TO: Prevent the ROP Exploit [RCE] People Are Using. image 3](https://steamuserimages-a.akamaihd.net/ugc/2439138553932284181/852D173ECD6FF383C93E458FBD55DAECCB79986D/)
![HOW TO: Prevent the ROP Exploit [RCE] People Are Using. image 4](https://steamuserimages-a.akamaihd.net/ugc/2439138553935632195/E32468139750EF85F4883F12360E0865B07E95AD/)
![HOW TO: Prevent the ROP Exploit [RCE] People Are Using. image 5](https://steamuserimages-a.akamaihd.net/ugc/2439138553932283518/D9294AB16816E666520134073E1DD601FFFED775/)
![HOW TO: Prevent the ROP Exploit [RCE] People Are Using. image 6](https://steamuserimages-a.akamaihd.net/ugc/2439138553932274995/3B1CF4AD91340FC321C0396D1AF2BF19266C849C/)
![HOW TO: Prevent the ROP Exploit [RCE] People Are Using. image 7](https://steamuserimages-a.akamaihd.net/ugc/2439139420178941522/183106F0F567935DA3B336D49FA4E3AAB3FC6FE7/)
I could expand this guide, but I have been experimenting with many different Memory Exploit Mitigation Systems by many different vendors, and while anything that stops a Return Oriented Program exploit will work. There are many solutions. Some by Microsoft, Symantec, Malware Bytes, Mcafee, certainly others as well. While I am very skeptical that there is a privilege escalation exploit inside of this ROP exploit, i could imagine that one could be figured out, I mean anything is possible with 0s and 1s controlling your world, and I always err on the side of caution when dealing with infosec.
MS delivers windows 10 with many MEM or exploit protections disabled, however there are many that are enabled by default. those are located in the task tray on the bottom right., there are however many many program exploit protections that you have to enable specifically for an enunciated program. most of these that would actually protect iw4mp.exe (the cod executable) end up causing the game to not load up. you can find these under app and browser control inside the windows defender security center that comes with windows 10 build 1709 the fall creators update
and then scroll all the way to the bottom for the special exploit protections.
you could inside here add a custom rules for your iw4mp.exe, but this causes the program to crash before loading. this might be fixed in future updates of windows so you could always try, but remember to remove the rule inside here for the iw4mp.exe if you are using another protections method from another vendor.
like i said most of these make the game unstartable for me, maybe not for you because you have newer proc? but the ones that we would want enabled to prevent an ROP buffer overflow attack would be SimExec CallerCheck and StackPivot specifically, obviously you want more protections than none if there is no cost, but those would be the ones that deal with ROP gadgets, their detections and their preventions.
Since all of those crash iw4mp.exe you could always enable the HVCI protection available from MS with windows 10. this would completely protect you from 0 day exploits, ROPs, many many memory overflow or stack smashing hacks, as it doesnt give access to the stack but makes the system think the hypervisor is the stack.
please see https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10
I tried symantec, otherwise known as norton, but setting that up was a giant pain in the ass, they only offer custom application guarding to premiere paying customers, and i am cheap as ♥♥♥♥, so i gave up on that one.
Next I looked up Malwarebytes, and decided to see if there was any free beta program going for them atm and if their MEM exploit package was available in it. sure enough there was and it was just their exploit protections, and not their virus or malware protection programs bundled with it. you can get that here
https://forums.malwarebytes.com/forum/126-anti-exploit-beta/
EDIT:
i didnt link to the software from their forum, mainly because it is not proper, and i figured most people could see that the very two top threads where the "experimental build" and the current "release candidate."
BACK TO THE GUIDE:
once installed it is very simple, add a shield under the shield tab for the exe,
"c:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe"
under the profile of other... once that is set go into the settings tab, click advanced settings, and then check off all boxes on all tabs for the other category, especially focusing on the one labelled "advanced memory protection." please add a shield for mw3's exe as well they claim this ROP exploit works inside mw3 as well.
this should work to prevent this attack, i dont guarantee it, but that is life right? I would go with the HVCI if your processor and bios supports it. it definitely renders the ROP exploits null, or at least that is what Microsoft is saying...
and for those that are actually trying to produce exploits, there is a proper way to disclose, and document them, and it isnt by giving them to people to use
https://google.com/?q="how to disclose an exploit"
you could take the first google result here
http://howdoireportavuln.com/
but what I would do if I was really "concerned" about an exploit, and dear God there are plenty of exploits and attacks possible in every legacy code, and mw2 multiplayer is for sure legacy, I would go here
https://tools.ietf.org/html/draft-christey-wysopal-vuln-disclosure-00
or here
https://cve.mitre.org/about/index.html
do it the right way
edit:
just found out that kapersky aep will also protect against the return oriented procedure hack as well as prevent shellcode execution...
https://www.kaspersky.com/enterprise-security/wiki-section/products/automatic-exploit-prevention-aep
Source: https://steamcommunity.com/sharedfiles/filedetails/?id=1359803347
More Call of Duty: Modern Warfare 2 - Multiplayer guilds
- All Guilds
- ACTIVAR NAT
- Call Of Duty Modern Warfare 2 Multiplayer Guide 10
- How to aim the Intervention
- MW2 MW3
- How to run faster than sanik himself
- FPS Boost
- Call of Duty Multiplayer Guide
- / Classes