1.    24 Feb 2016 #1
    Join Date : Oct 2013
    Posts : 25,773
    64-bit Windows 10 Pro build 17046

    Attackers can turn Microsoft exploit defense tool EMET against itself


    Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits.

    Researchers from security vendor FireEye have found a method through which exploits can unload EMET-enforced protections by leveraging a legitimate function in the tool itself.

    Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. However, itís likely that many users havenít upgraded yet, because the new version mainly adds compatibility with Windows 10 and doesnít bring any new significant mitigations.

    First released in 2009, EMET can enforce modern exploit mitigation mechanisms like Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) or Export Address Table Access Filtering (EAF) to applications, especially legacy ones, that were built without them. This makes it much harder for attackers to exploit vulnerabilities in those applications in order to compromise computers....


    Read more: Attackers can turn Microsoft's exploit defense tool EMET against itself | PCWorld
      My ComputersSystem Spec
  2.    26 Feb 2016 #2
    Join Date : Apr 2014
    Posts : 3,361
    W10 Pro x64/W7 Ultimate x64 dual boot main - W10 Pro Insider Preview/W7 Pro x64 - remote pc

    I wonder if this would also be something to consider for use on personal as well as business systems as an additional protection measure? It does show that someone will always be trying to break something MS puts out!
      My ComputerSystem Spec
  3.    01 Apr 2016 #3
    Join Date : Mar 2016
    Posts : 4
    windows 10

    Thank you for the news.
    So now (w10 user here ) the vulnerability is fixed?
    Thank you
      My ComputerSystem Spec
  4.    01 Apr 2016 #4

    My reading of the info is that if you run the latest version of EMET, you are not subject to the reported vulnerability. That latest version is numbered 5.5, and you can download it from the Microsoft Download Center.

    EMET has been available for free from MS for some time now. It is recommended for use on all modern Windows clients as a best practice by the MS in-house Security team, and by many third-party experts including Larry Seltzer and Ed Skoudis (both well-known Windows security and malware experts).

    I've been running it on my clients since the early part of this decade (I first blogged about it in September 2012) and it hasn't posed any stability or behavior problems or caused any appreciable performance issues that I've noticed.

    HTH,
    --Ed--
      My ComputersSystem Spec
  5.    01 Apr 2016 #5
    Join Date : Feb 2015
    Bamberg Germany
    Posts : 18,016
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
      My ComputersSystem Spec

 


Similar Threads
Thread Forum
Microsoft: Edge so secure they don't need EMET anti zero-day shield
Read more: Microsoft: Windows 10, Edge so secure they don't need our EMET anti zero-day shield | ZDNet See also: Enhanced Mitigation Experience Toolkit (EMET) for Windows 10 - Windows 10 Forums
Windows 10 News
Solved Microsoft: Windows 10, Edge so secure they don't need our EMET
Microsoft: Windows 10, Edge so secure they don't need our EMET anti zero-day shield | ZDNet
AntiVirus, Firewalls and System Security
Comodo Defense + & Windows Defender are both off, won't turn on
I have Comodo's free protection installed. Since I installed Windows 10, I keep getting a periodic pop-up message at the lower right of my screen telling me that both Comodo Defense + and Windows Defender are turned off. When I go to the Security...
AntiVirus, Firewalls and System Security
18-year-old Windows bug allows attackers to harvest credentials
18-year-old Windows bug allows attackers to harvest credentials - TechRepublic
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:33.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums