Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft EMET 5.1 Brings Improved Security and Compatibility

Microsoft Releases EMET 5.1

The new version of the Enhanced Mitigation Experience Toolkit (EMET) released by Microsoft on Monday brings improved protection and addresses several application compatibility issues.

Microsoft Releases EMET 5.1

The new version of the Enhanced Mitigation Experience Toolkit (EMET) released by Microsoft on Monday brings improved protection and addresses several application compatibility issues.

According to Microsoft, EMET 5.1 resolves a race condition in the Mandatory ASLR mitigation, fixes a flaw that caused some mitigations to stop working when EAF is disabled, and addresses errors occurring when EMET is not installed in the default folder.

The latest version of the security tool also enables the EMET service to log EMET configuration when the service is started, Microsoft said.

EMET has been bypassed and disarmed on several occasions by researchers. In late September, researchers at Offensive Security presented a method that can be used to disarm EMET 5.0. Last month, SEC Consult Vulnerability Lab reported that one of its experts, René Freingruber, had found “numerous methods to get around the basic protection mechanisms of EMET.”

“There is no one tool capable of preventing all attacks. EMET is designed to make it more difficult, expensive and time consuming, and therefore less likely, for attackers to exploit a system,” a Microsoft spokesperson told SecurityWeek via email.

However, the release notes for EMET 5.1 show that the latest version “improves and hardens several mitigations to make them more resilient to attacks and bypasses.” The company has thanked René Freingruber of SEC Consult and members of the System Security Lab at the Technical University Darmstadt/CASED in Germany for their assistance.

SecurityWeek reached out to experts from Offensive Security to see if their attack method still works, but researchers said they haven’t had the chance to test EMET 5.1.

Advertisement. Scroll to continue reading.

Several compatibility issues affecting EMET 5.0 have been addressed by Microsoft. The list includes compatibility problems between Certificate Trust and the 64-bit variant of Internet Explorer, and between EAF+ and applications like Adobe Reader, Mozilla Firefox, Adobe Flash and Internet Explorer. Compatibility issues also impact the Manage Add-ons feature and the Internet Explorer Developer Tools.

EAF mitigations have also been improved to address several compatibility problems.

“If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation. Alternatively, you can temporarily disable EAF+ on EMET 5.0. Details on how to disable the EAF+ mitigation are available in the User Guide,” the EMET Team wrote in a blog post.

Configuration and deployment improvements have also been made in EMET 5.1, including the addition of a default configuration for EAF+ for Chrome and Java 8, and a “Local Telemetry” feature that allows users to save memory dumps on the disk when a mitigation is triggered.

Another bug addressed with the release of EMET 5.1 is related to the Group Policy settings which, according to Microsoft, were not applied correctly in some circumstances.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.