Enhanced Mitigation Experience Toolkit (EMET) for Windows 10

Fixthisforus · 05 Feb 2016

dencal said:

The point you are making is no longer relevant....my quote which you are using was when Emet was in Beta.
EMET 5.5 was released in final version 1/29/2016.

I disagree. Microsoft still recommends running .NET updates prior to running EMET in 5.5.
It specifically suggests it in the latest installer.

Brink · 24 Feb 2016

NEWS: Attackers can turn Microsoft exploit defense tool EMET against itself

Dirk41 · 01 Apr 2016

Hi! May I ask yo a question? I succeded to add programs to emet. But I can't understand how to make metro apps ( this from w store ) to run in emet.
Could you please tell me if there is a way?
Thank you in advance

Brink · 09 Aug 2016

New Enhanced Mitigation Experience Toolkit (EMET) 5.5.1. See first post for more details. :)

Brink · 04 Nov 2016

Update: Windows: Moving Beyond Enhanced Mitigation Experience Toolkit (EMET)

Brink · 19 Nov 2016

New Enhanced Mitigation Experience Toolkit (EMET) 5.5.2 released. See first post for more details. :)

Cliff S · 21 Nov 2016

An interesting find I made for the EMET geeks:

Visualizing Protections With and Without EMET

To help visualize what EMET can do for us, it is useful to enumerate the exploit mitigations for various Windows versions, both with and without EMET.
When it comes to system-wide mitigations, there's not much of a difference between a Windows system that has EMET installed and a stock Windows system that has had the mitigations enabled manually. This comparison, illustrated in the figure below, makes the true benefit of EMET clear: application-specific mitigations.

In Defense of EMET
Microsoft's statement above overlooks the primary reason for someone to run EMET. In particular, users running EMET to protect applications that do not opt in to all of the exploit mitigations that it should. Even though the underlying Windows operating system supports a mitigation, doing so does not necessarily mean that it will be applied to an application.
Developer adoption of exploit mitigations takes place at a slower rate than we'd like to see. For example, even Microsoft does not compile all of Office 2010 with the /DYNAMICBASE flag to indicate compatibility with ASLR. What is the impact? An attacker may be able to work around ASLR by causing a non-DYNAMICBASE library to be loaded into the process space of the vulnerable application, potentially resulting in successful exploitation of a memory corruption vulnerability. What do we do to protect ourselves against this situation? We run EMET with application-specific mitigations enabled!

The Windows 10 EMET Fallacy
Microsoft strongly implies that if you are running Windows 10, there is no need for EMET anymore. This implication is not true. The reason it's not true is that Windows 10 does not provide the application-specific mitigations that EMET does.
Windows 10 does indeed provide some nice exploit mitigations. The problem is that the software that you are running needs to be specifically compiled to take advantage of them. Control Flow Guard (CFG) looks to provide similar protections to the ROP application-specific mitigations in EMET. The problem is that the application needs to be specifically compiled to take advantage of CFG. Out of all of the applications you run in your enterprise, do you know which ones are built with CFG support? If an application is not built to use CFG, it doesn't matter if your underlying operating system supports CFG or not.

Read more, it's pretty interesting: Windows 10 Cannot Protect Insecure Applications Like EMET Can

dencal · 21 Nov 2016

Cliff.
Your link goes to a blank page,

Cliff S · 21 Nov 2016

It loads, but takes a long time dencal. just let it load in the background.
The site is CERT/CC Blog(Home > CERT/CC Blog > Windows 10 Cannot Protect Insecure Applications Like EMET Can ) from SEI

Enhanced Mitigation Experience Toolkit (EMET) for Windows 10-image.png

Cliff S · 28 Jun 2017

The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard.

Microsoft's EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques—some built in to Windows, some part of EMET itself—to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible.

With Windows 10, however, EMET's development was essentially cancelled. Although Microsoft made sure the program ran on Windows 10, the company said that EMET was superfluous on its latest operating system. Some protections formerly provided by EMET had been built into the core operating system itself, and Windows 10 offered additional protections far beyond the scope of what EMET could do.

But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues—a few even require applications to be deliberately written with the mitigation in mind—which means that Windows does not simply turn on every mitigation for every application. It's here that Exploit Guard comes in.

Microsoft bringing EMET back as a built-in part of Windows 10 | Ars Technica