
Microsoft EMET 5.1 Brings Improved Security and Compatibility

Microsoft Releases EMET 5.1

The new version of the Enhanced Mitigation Experience Toolkit (EMET) released by Microsoft on Monday brings improved protection and addresses several application compatibility issues.


According to Microsoft, EMET 5.1 resolves a race condition in the Mandatory ASLR mitigation, fixes a flaw that caused some mitigations to stop working when EAF is disabled, and addresses errors occurring when EMET is not installed in the default folder.

The latest version of the security tool also enables the EMET service to log EMET configuration when the service is started, Microsoft said.

EMET has been bypassed and disarmed on several occasions by researchers. In late September, researchers at Offensive Security presented a method that can be used to disarm EMET 5.0. Last month, SEC Consult Vulnerability Lab reported that one of its experts, René Freingruber, had found “numerous methods to get around the basic protection mechanisms of EMET.”

“There is no one tool capable of preventing all attacks. EMET is designed to make it more difficult, expensive and time consuming, and therefore less likely, for attackers to exploit a system,” a Microsoft spokesperson told SecurityWeek via email.

However, the release notes for EMET 5.1 show that the latest version “improves and hardens several mitigations to make them more resilient to attacks and bypasses.” The company has thanked René Freingruber of SEC Consult and members of the System Security Lab at the Technical University Darmstadt/CASED in Germany for their assistance.

SecurityWeek reached out to experts from Offensive Security to see if their attack method still works, but researchers said they haven’t had the chance to test EMET 5.1.

Several compatibility issues affecting EMET 5.0 have been addressed by Microsoft. The list includes compatibility problems between Certificate Trust and the 64-bit variant of Internet Explorer, and between EAF+ and applications like Adobe Reader, Mozilla Firefox, Adobe Flash and Internet Explorer. Compatibility issues also impact the Manage Add-ons feature and the Internet Explorer Developer Tools.

EAF mitigations have also been improved to address several compatibility problems.

“If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation. Alternatively, you can temporarily disable EAF+ on EMET 5.0. Details on how to disable the EAF+ mitigation are available in the User Guide,” the EMET Team wrote in a blog post.

Configuration and deployment improvements have also been made in EMET 5.1, including the addition of a default configuration for EAF+ for Chrome and Java 8, and a “Local Telemetry” feature that allows users to save memory dumps on the disk when a mitigation is triggered.

Another bug addressed with the release of EMET 5.1 is related to the Group Policy settings which, according to Microsoft, were not applied correctly in some circumstances.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
