8. Malicious Code Execution Prevention
Rapid7 found that 54 percent of surveyed customers either do not use code execution prevention on their users' systems or don't know whether or not they do. Microsoft supports both data execution prevention (DEP) and address space layout randomization (ASLR) in all supported versions of Windows. Depending on the Windows version, system administrators need to take measures to enable the controls. Both attack mitigation technologies help prevent attackers from executing code or make it more difficult for them to break out into the underlying operating system to cause damage.