Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft to Make EMET Native to Windows 10

Microsoft is no longer interested in retiring its Enhanced Mitigation Experience Toolkit (EMET) but will instead make it native to Windows 10, the tech giant announced this week.

Microsoft is no longer interested in retiring its Enhanced Mitigation Experience Toolkit (EMET) but will instead make it native to Windows 10, the tech giant announced this week.

Initially released in 2009, EMET was designed to protect against certain zero-day software vulnerabilities at a time when there was a 3-4 years gap between Windows releases. The tool helped Microsoft disrupt common exploit kits and even features Windows 10 compatibility.

Seven years later, after it had already accelerated the release of new Windows iterations, Microsoft said EMET was no longer needed. The company initially announced plans to retire EMET on Jan. 27, 2017, but then pushed the end-of-life date back 18 months, to July 31, 2018, based on customer feedback.

In November 2016, as a reply to Microsoft’s claim that Windows 10 doesn’t need EMET to deliver great protection, CERT vulnerability analyst Will Dormann said in a blog that EMET includes additional protections that Windows 10 doesn’t.

Now, Rob Lefferts, Director of PM, Windows Enterprise and Security at ‎Microsoft, says that feedback from customers who “are clearly fans of threat protections offered through EMET the Enhanced Mitigation Experience Toolkit (EMET)” determined the company to make the tool native to Windows 10 in the form of Windows Defender Exploit Guard.

The Exploit Guard is meant to pack both EMET capabilities and new vulnerability mitigations, in an attempt to deliver new prevention capabilities and make exploitation of vulnerabilities dramatically more difficult. The tool would also include a new class of intrusion prevention capabilities.

“Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organziations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective,” Lefferts says.

Windows 10 Fall Creators Update will bring EMET back, alongside a variety of additional security improvements, Lefferts also announced. These include Windows Defender Application Guard (WDAG) and “substantial updates” to Windows Defender Device Guard and Windows Defender Antivirus.

Advertisement. Scroll to continue reading.

“Windows Defender Advanced Threat Protection (ATP) will include seamless integration across the entire Windows threat protection stack to protect, detect and respond with rich, centralized management. In addition, we’re extending the reach of Windows Defender ATP to include Windows Server OS to protect customers across platforms,” Lefferts notes.

WDAG should prevent attackers from compromising local machines or moving laterally into the network by isolating malware downloaded via the browser or zero-day exploits. “With more than 90% of attacks using a hyperlink to initiate stealing credentials, installing malware, or exploiting vulnerabilities,” the browser emerges as the most common target for attackers, and Microsoft will focus on securing it.

Microsoft also plans on integrating Windows Defender Device Guard into Windows Defender ATP response capabilities, to ensure customers have better control over applications. Further, Windows 10 should deliver “a new level of security” to enterprises, along with new analytic capabilities, Microsoft says.

Related: Microsoft’s EMET Protects Apps Better Than Windows 10, Researcher Says

Related: Microsoft Delays Retirement of EMET

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.