As per
https://docs.microsoft.com/en-us/cpp/build/reference/guard-enable-control-flow-guard?view=vs-2019:
Control Flow Guard (CFG) is a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities. By placing tight restrictions on where an application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.
As far as I can tell, ASLR seems to be already supported / enabled.
mIRC is currently built with Visual Studio 2008. As far as I am aware, the guard option is only available in Visual Studio 2015 and onwards. I may move to a newer version of Visual Studio in the future but that would likely require code-rewriting and a lengthy beta cycle.
(I notice that VC++ VS 2015 Community is très popular on the githubs for windows projects)
If anyone is curious, here is the working set of "mitigation options"; tested on Win 10 10362.
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
<AppConfig Executable="mirc.exe">
<DEP Enable="true" EmulateAtlThunks="false" />
<ASLR ForceRelocateImages="true" RequireInfo="false" BottomUp="true" HighEntropy="true" />
<StrictHandle Enable="true" />
<ExtensionPoints DisableExtensionPoints="true" />
<DynamicCode BlockDynamicCode="true" AllowThreadsToOptOut="false" Audit="false" />
<ControlFlowGuard Enable="true" SuppressExports="false" />
<SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" Audit="false" AuditStoreSigned="false" EnforceModuleDependencySigning="true" />
<Fonts DisableNonSystemFonts="true" AuditOnly="false" Audit="false" />
<ImageLoad BlockRemoteImageLoads="true" AuditRemoteImageLoads="false" BlockLowLabelImageLoads="true" AuditLowLabelImageLoads="false" />
<Payload EnableExportAddressFilter="true" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" AuditEnableRopSimExec="false" />
<SEHOP Enable="true" TelemetryOnly="false" />
<Heap TerminateOnError="true" />
<ChildProcess DisallowChildProcessCreation="true" Audit="false" />
</AppConfig>
</MitigationPolicy>