Microsoft Beefs Up EMETMicrosoft Beefs Up EMET
Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs
February 26, 2014
RSA CONFERENCE 2014 – San Francisco, Calif. – Microsoft has enhanced its popular Enhanced Mitigation Toolkit (EMET) with new functions that help halt exploits from hitting endpoint machines. The software giant today released a preliminary, technical review version of the new tool, EMET 5.0.
EMET 5.0 comes with a new feature called Attack Surface Reduction that lets organizations selectively enable Java, Flash Player, and third-party plug-ins. An organization could set EMET to allow Java to run only for internal applications that need it while disabling Java execution in non-internal applications. It does much the same for Flash: "It lets you use Flash in the browser, but blocks Flash from executing in Excel" or other Office files, for example, says Jonathan Ness, principal security development manager for Microsoft Trustworthy Computing.
RSA Conference 2014
The new version also comes with a hardened version of EAF (Export Address Table Filtering), and also enables "deep hooks" mitigation by default, which stops the bypass attack demonstrated in research released yesterday by Bromium Labs that pokes holes in EMET 4.1.
"I'm eager to see the feedback on these" new features, Ness said in an interview. The feedback will help shape the tool's final form, he says.
The new features in EMET help block attacks Microsoft has found and analyzed over the past few months. "We've raised the bar for the attacker," Ness says. "Because of the shift in the landscape, it makes exploitation more difficult."
Dan Kaminsky, chief scientist of WhiteOps, says EMET is a useful defense tool for Windows machines because it can update security for Windows at a faster clip than the longer operating system update cycle. "It spurs the development of new features and defenses," Kaminsky says.
But EMET's main limitation is that it relies on known vectors of return-oriented programming (ROP) exploitation methods, says Rahul Kashyap, chief security architect and head of security research at Bromium.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
5 Reasons To Move your PKI Deployment to the Cloud