Enable 'Structured Exception Handling Overwrite Protection (SEHOP)'

Structured Exception Handling Overwrite Protection (SEHOP) blocks exploits that use the Structured Exception Handling overwrite technique, a common buffer overflow attack.

Potential risk

Enabling SEHOP blocks common attack vectors used by attackers looking for vulnerabilities in systems and applications.

Remediation options

Option 1 - Set the following registry value:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation

To the following REG_DWORD value: 0

Option 2 - Set the following Group Policy:
Computer Configuration\Policies\Administrative Templates\MS Security Guide\Enable Structured Exception Handling Overwrite Protection (SEHOP)

To the following value: Enabled