Microsoft Beefs Up EMET

Published: 22/11/2024   Category: security


Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs



RSA CONFERENCE 2014 – San Francisco, Calif. – Microsoft has enhanced its popular Enhanced Mitigation Toolkit (EMET) with new functions that help halt exploits from hitting endpoint machines. The software giant today released a preliminary, technical review version of the new tool, EMET 5.0.
EMET 5.0 comes with a new feature called Attack Surface Reduction that lets organizations selectively enable Java, Flash Player, and third-party plug-ins. An organization could set EMET to allow Java to run only for internal applications that need it while disabling Java execution in non-internal applications. It does much the same for Flash: It lets you use Flash in the browser, but blocks Flash from executing in Excel or other Office files, for example, says Jonathan Ness, principal security development manager for Microsoft Trustworthy Computing.
The new version also comes with a hardened version of EAF (Export Address Table Filtering) and enables deep hooks mitigation by default, which stops the bypass attack demonstrated in research released yesterday by Bromium Labs that pokes holes in EMET 4.1.
"I'm eager to see the feedback on these new features," Ness said in an interview. The feedback will help shape the tool's final form, he says.
The new features in EMET help block attacks Microsoft has found and analyzed over the past few months. "We've raised the bar for the attacker," Ness says. "Because of the shift in the landscape, it makes exploitation more difficult."
Dan Kaminsky, chief scientist of WhiteOps, says EMET is a useful defense tool for Windows machines because it can update security for Windows at a faster clip than the longer operating system update cycle. It spurs the development of new features and defenses, Kaminsky says.
But EMET's main limitation is that it relies on known vectors of return-oriented programming (ROP) exploitation methods, says Rahul Kashyap, chief security architect and head of security research at Bromium.