1.    29 Dec 2014 #1
    Join Date : Oct 2013
    Posts : 15,600
    64-bit Windows 10 Pro build 14951

    EMET your enterprise for peak Windows security

    Microsoft has put many defensive technologies, like ASLR, DEP and SAFESEH into Windows over the years to mitigate against the exploitation of vulnerabilities in Windows and applications. But Microsoft is rightfully very conservative about making such changes for all Windows users. There are other things that can be done which Microsoft has not seen fit to roll into Windows.

    Instead, Microsoft puts these in the Enhanced Mitigation Experience Toolkit (EMET - pronounced with two soft e's). EMET is a tool you install on a Windows system which allows you to impose additional restrictions on specific applications on that system. It's common, when Microsoft discloses a vulnerability, for them to announce that use of EMET would mitigate it.

    Most recently, in MS14-080, the December Cumulative Security Update for Internet Explorer, 11 of the 14 vulnerabilities were memory corruption vulnerabilities and the bulletin says that "EMET helps to mitigate these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer."

    See also: Enhanced Mitigation Experience Toolkit (EMET) - Windows 7 Help Forums
      My System SpecsSystem Spec

  2.    14 Sep 2015 #2
    Join Date : Sep 2015
    Posts : 4
    Windows 10 Pro 64-bit

    EMET 5.2 certificate pinning does not work in Windows 10

    I cannot get EMET 5.2 certificate pinning to work in Windows 10.

    When I test EMET by pinning an incorrect Root CA certificate to the website, Windows 10 does not block website access like Windows 8.1 does.

    Has EMET certificate pinning been disabled in Windows 10 ? If so, has this functionality been superceded by a better technique ?

    I have searched high and low, and this anecdotal reference is the only thing I can find:
    "Windows 10 does not use certificate pinning, means someone can easily apply a man-in-the-middle-attack for each Microsoft cloud-access for example"

    ..... Para Dox
      My System SpecsSystem Spec

  3.    15 Sep 2015 #3
    Join Date : Sep 2015
    Posts : 4
    Windows 10 Pro 64-bit

    Windows 10 EMET certificate pinning with Edge, Firefox, and Chome

    I partially resolved the problem.

    I noticed 'Event ID: 42' registered in the Event Log:

    "EMET detected that the SSL certificate for "www.mybank.com.au" is not trusted by the rule "My Custom Rule-MybankCA" associated with the domain "www.mybank.com.au"

    I had not checked the EMET checkboxes for "PublicKey Match" and "Blocking Rule".

    However, even when I check these checkboxes, then test using an incorrect Root CA certificate, it still only blocks access to the website and records Event ID 42 using IE11, but not when using Edge, Firefox, or Chrome browsers. This behavior is the same in both Windows 8.1 and Windows 10.

    Firefox and Chrome have the green light to indicate that they are running EMET. Edge does not have a green light even though it is configured to run EMET.

    Does anybody know how to get EMET certificate pinning to work using Edge, Firefox, or Chrome browsers ?

    .... Para Dox
      My System SpecsSystem Spec

  4.    16 Sep 2015 #4
    Join Date : Sep 2015
    Posts : 4
    Windows 10 Pro 64-bit

    Page 28 of the EMET User Guide has instructions for 3rd Party browsers.

    I just configured the registry in both Windows 10 and Windows 8.1 as per those instructions .

    It still does not work for either Microsoft Edge, Firefox, or Chrome browsers.

    The EMET manual does say that the API support for 3rd party browsers is still experimental. I guess we will have to wait until the next EMET release for Edge support . Firefox and Chrome support .... anybody's guess.
      My System SpecsSystem Spec


Similar Threads
Thread Forum
Windows 10 Enterprise LTSB (64-bit) when will it be available?
Good Day! Does anyone know when Windows 10 Enterprise LTSB (64-bit) and (32-bit) Versions will be available in the near future on MSDN or on the MS Enterprise Partners Servers? I been searching and no such luck for a version of Windows 10...
General Support
Solved Windows 10 10162 Enterprise ISO
How do I get an Enterprise ISO for Windows 10 10162? Can only find Pro for UK Can you update Pro to Enterprise? Sorted it. ISO downloading. 10074.0.150424-1350.FBL_IMPRESSIVE_CLIENTENTERPRISE_VOL_X64FRE_EN-GB.ISO Logged into account and...
Installation and Setup
Windows 10 for Enterprise is not free in the first year...
Businesses switching to Windows 10 for Enterprise won't be getting the operating system as a free upgrade within the first year of release and it will be updated differently as well. Back in October, it was reported that Microsoft was working on a...
Windows 10 News
Windows 8.1 Enterprise -- Now switching to W10
Hi there Now that I can run Win 10 at least until OCTOBER (build 9926 extends till oct 1st) I am ditching my Win 8.1 Enterprise system -- was an old TechNet copy anyway. Windows 8.1 while better than 8 isn't going anywhere either. The only...
General Support
Windows 10 Enterprise build 9879 ISO now available
The next version of Windows is engineered for the way you live and work, protected against cyber risks and threats, and managed for continuous innovation. Need more information? See what's new in Windows 10 Technical Preview for Enterprise. ...
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:04.
Find Us
Twitter Facebook Google+

Windows 10 Forums