Windows 10: Attackers can turn Microsoft exploit defense tool EMET against itself


  1. Posts : 20,832
    64-bit Windows 10 Pro build 16199
       24 Feb 2016 #1

    Attackers can turn Microsoft exploit defense tool EMET against itself


    Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits.

    Researchers from security vendor FireEye have found a method through which exploits can unload EMET-enforced protections by leveraging a legitimate function in the tool itself.

    Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. However, it's likely that many users haven't upgraded yet, because the new version mainly adds compatibility with Windows 10 and doesn't bring any new significant mitigations.

    First released in 2009, EMET can enforce modern exploit mitigation mechanisms like Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) or Export Address Table Access Filtering (EAF) to applications, especially legacy ones, that were built without them. This makes it much harder for attackers to exploit vulnerabilities in those applications in order to compromise computers....


    Read more: Attackers can turn Microsoft's exploit defense tool EMET against itself | PCWorld


  2. Posts : 3,357
    W10 Pro x64/W7 Ultimate x64 dual boot main - W10 Pro Insider Preview/W7 Pro x64 - remote pc
       26 Feb 2016 #2

    I wonder if this would also be something to consider for use on personal as well as business systems as an additional protection measure? It does show that someone will always be trying to break something MS puts out!

  3.    01 Apr 2016 #3

    Thank you for the news.
    So now (W10 user here) the vulnerability is fixed?
    Thank you

  4.    01 Apr 2016 #4

    My reading of the info is that if you run the latest version of EMET, you are not subject to the reported vulnerability. That latest version is numbered 5.5, and you can download it from the Microsoft Download Center.

    EMET has been available for free from MS for some time now. It is recommended for use on all modern Windows clients as a best practice by the MS in-house Security team, and by many third-party experts including Larry Seltzer and Ed Skoudis (both well-known Windows security and malware experts).

    I've been running it on my clients since the early part of this decade (I first blogged about it in September 2012) and it hasn't posed any stability or behavior problems or caused any appreciable performance issues that I've noticed.

    HTH,
    --Ed--


  5. Posts : 14,972
    Microsoft Windows 10 Pro 64-bit 14393, Windows 10 Insider Fast Ring, Windows 8.1 Update, Ubuntu
       01 Apr 2016 #5


 
