News

Microsoft Releases EMET 2.0 Security Tool

Microsoft last week released the latest version of a free tool designed to help ward off attacks to legacy software.

Enhanced Mitigation Experience Toolkit (EMET) 2.0 aims to protect against commonly used hacking efforts. Rather than provide security patches against known exploits, it attempts to block or "mitigate" hacking techniques, based on six software technologies.

Software developers and IT professionals can use the tool to help protect older software against vulnerabilities, especially when there might not be a specific patch.

Typical candidates for such protection include Windows XP and Internet Explorer 6, which are aging products but still widely used. Those products lack some newer security technologies found in Windows 7 and IE 8. EMET 2.0 might also be used to help protect third-party applications and line-of-business apps that use those legacy Microsoft solutions, according to Microsoft's announcement.

The software technologies where the tool can provide some mitigation support were described by Microsoft back in July. Version 2.0 includes two new mitigations: Export Address Table Access Filtering and Mandatory Address Space Layout Randomization. Version 2.0 also features a graphical user interface to make the mitigations easier to see and manage.

The tool lets users apply mitigations on a particular software process. It provides a consistent user interface that doesn't depend on the underlying platform. Moreover, EMET 2.0 is not tied to a particular product, according to Microsoft. Updates can be added to the tool when newer mitigation technologies become available.

EMET 2.0 works with all supported Microsoft client and server operating systems, according to the Users Guide (PDF download). It works with 32-bit and 64-bit systems but some mitigations are not available with 64-bit systems. Installing the latest version will disable any earlier versions of the tool.

One caveat for users is that EMET 2.0 is not currently a supported Microsoft tool, but is offered "as is." It's available at the Microsoft Download Center here.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Featured

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

  • Penguin

    Windows 10 Preview Build 18917 Shows Off New Linux Integration

    Microsoft's latest Windows 10 "fast-ring" preview release is showcasing a coming Delivery Optimization enhancement, along with the ability to try the newly emerged Windows Subsystem for Linux version 2.

  • Customizing Microsoft Office 365

    While the overall look and feel of Office 365 is pretty standard across organizations, there are several ways to personalize it and make it fit better with your company's specific needs.

  • Microsoft 365 Business Tenants Getting Conditional Access and Trouble-Ticket Features

    Microsoft added its conditional access security service to Microsoft 365 Business subscriptions, according to a Wednesday announcement, and it also added new trouble-ticket features for Microsoft 365 administrators.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.