Microsoft to Make EMET Native to Windows 10

Microsoft is no longer interested in retiring its Enhanced Mitigation Experience Toolkit (EMET) but will instead make it native to Windows 10, the tech giant announced this week.

Initially released in 2009, EMET was designed to protect against certain zero-day software vulnerabilities at a time when there was a 3-4 year gap between Windows releases. The tool helped Microsoft disrupt common exploit kits and even features Windows 10 compatibility.

Seven years later, after it had already accelerated the release of new Windows iterations, Microsoft said EMET was no longer needed. The company initially announced plans to retire EMET on Jan. 27, 2017, but then pushed the end-of-life date back 18 months, to July 31, 2018, based on customer feedback.

In November 2016, in reply to Microsoft’s claim that Windows 10 doesn’t need EMET to deliver great protection, CERT vulnerability analyst Will Dormann said in a blog post that EMET includes additional protections that Windows 10 doesn’t.

Now, Rob Lefferts, Director of PM, Windows Enterprise and Security at Microsoft, says that feedback from customers who “are clearly fans of threat protections offered through EMET the Enhanced Mitigation Experience Toolkit (EMET)” led the company to make the tool native to Windows 10 in the form of Windows Defender Exploit Guard.

The Exploit Guard is meant to pack both EMET capabilities and new vulnerability mitigations, in an attempt to deliver new prevention capabilities and make exploitation of vulnerabilities dramatically more difficult. The tool would also include a new class of intrusion prevention capabilities.

“Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organizations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective,” Lefferts says.

Windows 10 Fall Creators Update will bring EMET back, alongside a variety of additional security improvements, Lefferts also announced. These include Windows Defender Application Guard (WDAG) and “substantial updates” to Windows Defender Device Guard and Windows Defender Antivirus.

“Windows Defender Advanced Threat Protection (ATP) will include seamless integration across the entire Windows threat protection stack to protect, detect and respond with rich, centralized management. In addition, we’re extending the reach of Windows Defender ATP to include Windows Server OS to protect customers across platforms,” Lefferts notes.

WDAG should prevent attackers from compromising local machines or moving laterally into the network by isolating malware downloaded via the browser or zero-day exploits. “With more than 90% of attacks using a hyperlink to initiate stealing credentials, installing malware, or exploiting vulnerabilities,” the browser emerges as the most common target for attackers, and Microsoft will focus on securing it.

Microsoft also plans on integrating Windows Defender Device Guard into Windows Defender ATP response capabilities, to ensure customers have better control over applications. Further, Windows 10 should deliver “a new level of security” to enterprises, along with new analytic capabilities, Microsoft says.

Related: Microsoft’s EMET Protects Apps Better Than Windows 10, Researcher Says

Related: Microsoft Delays Retirement of EMET

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
