When building DLLs for Windows, ICU4C still uses fixed base addresses for the libraries, despite the fact that (seemingly) nothing within the ICU code base ever uses or relies on these fixed address.
This is rather bad for a number of reasons:
This forces ASLR to be completely disabled for the ICU libraries, which is a security risk.
It prevents using high-entropy virtual addresses for 64-bit architectures (an enhanced form of ASLR).
It completely blocks building ICU libraries for architectures like ARM64, were DYNAMICBASE is required/mandated.
It also prevents using the non-UWP binaries in a UWP application as well.
I suspect that these fixed base addresses are a hold over from back when ICU supported Windows XP/2000. However, as of ICU 58 these older OSs are no longer supported, and the minimum supported OS version is Windows Vista, which fully supports ASLR.
We should consider removing these fixed base addresses and enable DYNAMICBASE in order to improve the security of the ICU libraries on Windows, and to unblock building for other architectures.