Microsoft releases EMET 5.0
Posted on 01 August 2014.
Microsoft has released version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET), a free utility that uses a number of security mitigation techniques to prevent the successful exploitation of vulnerabilities in various software.

EMET is not a foolproof computer system defense solution, but it can stop many threats, old and new, by anticipating actions used by attackers and terminating or blocking them.

The utility sports a number of improvements: two new mitigation techniques, new configuration options, and new default settings.

The two new mitigation techniques are Attack Surface Reduction (ASR) and Export Address Table Filtering Plus (EAF+).

"The new Attack Surface Reduction (ASR) mitigation provides a mechanism to help block specific modules or plug-ins within an application, in certain conditions. For example, customers can now configure EMET to prevent their browser from loading Java plug-ins on external websites, while still continuing to allow Java plug-ins on their internal company websites," explains Chris Betz, senior director of the Microsoft Security Response Center.

The Export Address Table Filtering Plus (EAF+) feature protects against memory read operations, which are often used to discover and build dynamic ROP gadgets and execute code when a vulnerability is exploited.

The new configuration options will be especially welcome to enterprise IT pros, and the new Microsoft EMET Service will help them monitor status and logs for any suspicious activity.

Since version 4.0, EMET provides a configurable SSL/TLS certificate pinning feature called Certificate Trust, which is aimed at detecting man-in-the-middle attacks leveraging the public key infrastructure (PKI). In EMET 5.0, the feature has been improved: it prevents users from visiting websites with untrusted certificates.

Finally, the Deep Hooks mitigation (protection of critical APIs) is now turned on by default, and there are newly hardened data-driven bypasses that help prevent attackers from modifying EMET's data structures during attacks.

