Attackers can turn Microsoft exploit defense tool EMET against itself



    Posted: 24 Feb 2016

    Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits.

    Researchers from security vendor FireEye have found a method through which exploits can unload EMET-enforced protections by leveraging a legitimate function in the tool itself.

    Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. However, it’s likely that many users haven’t upgraded yet, because the new version mainly adds compatibility with Windows 10 and doesn’t bring any new significant mitigations.

    First released in 2009, EMET can enforce modern exploit mitigation mechanisms like Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) or Export Address Table Access Filtering (EAF) to applications, especially legacy ones, that were built without them. This makes it much harder for attackers to exploit vulnerabilities in those applications in order to compromise computers....


    Read more: Attackers can turn Microsoft's exploit defense tool EMET against itself | PCWorld
    Posted By: Brink


  1. Posts : 3,367
    W10 Pro x64/W7 Ultimate x64 dual boot main - W11 Triple Boot Pending
       #1

    I wonder if this would also be something to consider for use on personal as well as business systems as an additional protection measure? It does show that someone will always be trying to break something MS puts out!


  2. Posts : 4
    windows 10
       #2

    Thank you for the news.
    So now (W10 user here) the vulnerability is fixed?
    Thank you


  3. Posts : 4,224
    Windows 10
       #3

    My reading of the info is that if you run the latest version of EMET, you are not subject to the reported vulnerability. That latest version is numbered 5.5, and you can download it from the Microsoft Download Center.

    EMET has been available for free from MS for some time now. It is recommended for use on all modern Windows clients as a best practice by the MS in-house Security team, and by many third-party experts including Larry Seltzer and Ed Skoudis (both well-known Windows security and malware experts).

    I've been running it on my clients since the early part of this decade (I first blogged about it in September 2012) and it hasn't posed any stability or behavior problems or caused any appreciable performance issues that I've noticed.

    HTH,
    --Ed--