Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Microsoft Updates Enhanced Mitigation Experience Toolkit to Block Attacks Against Unfixed Vulnerabilities

Microsoft Releases Enhanced Mitigation Experience Toolkit (EMET) 2.0

Announced at the Black Hat 2010 conference in July, Microsoft’s updated Enhanced Mitigation Experience Toolkit (EMET) 2.0 has been released and is now available for download.

Microsoft Releases Enhanced Mitigation Experience Toolkit (EMET) 2.0

Announced at the Black Hat 2010 conference in July, Microsoft’s updated Enhanced Mitigation Experience Toolkit (EMET) 2.0 has been released and is now available for download.

EMET is specifically designed to block targeted attacks against unfixed vulnerabilities. The toolkit is free and helps improve the security of applications without having to recode them. Developers and IT security professionals are able to add new and existing security mitigation technologies to software in order to help protect against exploitation of vulnerabilities. All mitigations can be applied on a per-application basis with customized settings, allowing developers to bring newer security mitigations to older applications.

Microsoft EMET 2.0 Screenshot

EMET 2.0 allows users to both configure the system policy for mitigations as well as to configure mitigations on a per executable basis. The first option allows the user to set the defaults for system supported mitigations; for instance choosing whether one should be enabled for all processes, enabled for only those that chose to opt in, disabled entirely etc.

The tool supports both 32- and 64-bit applications and has been updated with a new unified graphical user interface that shows running processes and whether EMET is currently active for them. Two new mitigations have been added — mandatory ASLR and EAT address filtering. Version 2.0 now includes support for viewing and setting systemwide mitigation settings.

It adds the following mitigations to applications that do not support them natively:

• Structured Error Handling Overwrite Protection (SEHOP) prevents Structured Exception Handling (SEH) overwrite exploitation by performing SEH chain validation.

• Dynamic Data Execution Prevention marks portions of a process’s memory non-executable, making it difficult to exploit memory corruption vulnerabilities.

Advertisement. Scroll to continue reading.

• NULL page allocation allocates the first page of memory before program initialization and blocks attackers from taking advantage of NULL references in user mode.

• Heap Spray Allocation pre-allocates memory addresses to block common attacks that fill a process’s heap with specially crafted content.

• New in EMET 2.0 is mandatory address space layout randomization (ASLR), as well as non-ASLR-aware modules on Windows Vista, Windows Server 2008 and Windows 7.

• Also new in EMET 2.0, export address table (EAT) uses hardware breakpoints to filter access to the EAT of kernel32.dll and ntdll.dll, blocks access if the instruction pointer is not inside a module, and breaks current common metasploit shellcodes.

Microsoft warns that some security mitigation technologies may break applications and reminds users that it’s important to thoroughly test EMET in all target use scenarios before rolling it out to a production environment.

You can download EMET 2.0 here.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights