Microsoft EMET 5.1 Brings Improved Security and Compatibility

Microsoft Releases EMET 5.1

The new version of the Enhanced Mitigation Experience Toolkit (EMET) released by Microsoft on Monday brings improved protection and addresses several application compatibility issues.

According to Microsoft, EMET 5.1 resolves a race condition in the Mandatory ASLR mitigation, fixes a flaw that caused some mitigations to stop working when EAF is disabled, and addresses errors occurring when EMET is not installed in the default folder.

The latest version of the security tool also enables the EMET service to log EMET configuration when the service is started, Microsoft said.

EMET has been bypassed and disarmed on several occasions by researchers. In late September, researchers at Offensive Security presented a method that can be used to disarm EMET 5.0. Last month, SEC Consult Vulnerability Lab reported that one of its experts, René Freingruber, had found “numerous methods to get around the basic protection mechanisms of EMET.”

“There is no one tool capable of preventing all attacks. EMET is designed to make it more difficult, expensive and time consuming, and therefore less likely, for attackers to exploit a system,” a Microsoft spokesperson told SecurityWeek via email.

However, the release notes for EMET 5.1 show that the latest version “improves and hardens several mitigations to make them more resilient to attacks and bypasses.” The company has thanked René Freingruber of SEC Consult and members of the System Security Lab at the Technical University Darmstadt/CASED in Germany for their assistance.

SecurityWeek reached out to experts from Offensive Security to see if their attack method still works, but researchers said they haven’t had the chance to test EMET 5.1.

Several compatibility issues affecting EMET 5.0 have been addressed by Microsoft. The list includes compatibility problems between Certificate Trust and the 64-bit variant of Internet Explorer, and between EAF+ and applications like Adobe Reader, Mozilla Firefox, Adobe Flash and Internet Explorer. Compatibility issues also impact the Manage Add-ons feature and the Internet Explorer Developer Tools.

EAF mitigations have also been improved to address several compatibility problems.

“If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation. Alternatively, you can temporarily disable EAF+ on EMET 5.0. Details on how to disable the EAF+ mitigation are available in the User Guide,” the EMET Team wrote in a blog post.

Configuration and deployment improvements have also been made in EMET 5.1, including the addition of a default configuration for EAF+ for Chrome and Java 8, and a “Local Telemetry” feature that allows users to save memory dumps on the disk when a mitigation is triggered.

Another bug addressed with the release of EMET 5.1 is related to the Group Policy settings which, according to Microsoft, were not applied correctly in some circumstances.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
