Security Advisor
Microsoft Releases EMET 5.0 Security Tool
The latest version adds two new mitigation features and support for 64-bit systems.
Microsoft announced today that its Mitigation Experience Toolkit (EMET) 5.0 is now generally available.
The free tool is used to block popular exploits and includes protection against new attacks for Microsoft software even before a permanent fix has been released. In a blog post announcing the availability, Chris Betz, senior director for Microsoft's Security Response Center (MSRC), discussed how today's release comes with new features to protect against modern cyberattack campaigns. "EMET 5.0 further helps to protect with two new mitigations, and with new capabilities giving customers additional flexibility on their deployments."
Based on feedback from earlier versions of the tool and February's release of the EMET 5.0 Technical Preview, Attack Surface Reduction (ASR) and Export Address Table Filtering Plus (EAF+) mitigation features have been added to the latest version. The ASR mitigation is aimed at protecting application plugins or modules by allowing users to choose when specific plugins run. The most obvious use of this is to limit Java attacks by choosing when and how a Java plugin starts up. Betz gave the example that with the ASR, enterprises can choose to disable Java from running in a browser, but still allow Java to run in specific situations, like on company Web Sites.
EAF+ adds another blanket of protection against advance attacks by hardening low-level modules from attacks targeting build return orientated programming (ROP) gadgets in memory. The most practical use of EAF+ will be to protect against KERNELBASE exports.
Also new is support for 64-bit platforms. Microsoft has extended its anti-ROP protection to these platforms even though no known attacks have been discovered to be targeting 64-bit systems. "Although we have not yet detected exploits that use ROP techniques to exploit 64-bit applications, we decided to extend the anti-ROP mitigations to this architecture to be ready when the time comes," said the company in a Security Research and Defense blog.
Microsoft has also made some changes to the UI, including new options to manually choose which specific mitigations should be applied to which applications. This should allow IT to customize EMET to fit their own specific enterprise security requirements. The updated tool also comes with a new feature that lets IT block Web sites with untrusted or fraudulent credentials to across an entire network.
EMET can be deployed through Microsoft System Center Configuration Manager, and offers IT the ability to apply Group Policies in Windows Active Directory. Today's release can be downloaded here.