Experts Find Vulnerabilities in Microsoft’s EMET

  • 24 February 2014
  • 2 replies

Security researchers from Bromium have been analyzing Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a free tool that’s designed to help Windows users enhance the security of third-party software.

Experts say that EMET is vulnerable to custom-built exploits that attackers can use to bypass the protections offered in the tool.

“EMET is a viable personal and corporate defense add-on, but given other researchers have found EMET bypasses before, we sought to understand how EMET is vulnerable to the presence of novel exploits,” said Rahul Kashyap, chief security architect and head of security research at Bromium.

“We want users to better understand the facts when making a decision about which PC protections to use. We conducted this research within Bromium Labs to further enhance EMET-like exploit mitigation tools so we as an industry can come together to better protect against future exploitation vectors.”

Bromium has published a whitepaper that contains the technical details. Jared DeMott, principal security researcher with the company, is presenting the findings today, February 24, at BSides San Francisco.
 
Source Article

2 replies

Yes, I saw that last week from a different source and forgot to post it. Thanks, Jeff.
 
And here is another article from Ars Technica: http://arstechnica.com/security/2014/02/new-attack-completely-bypasses-microsoft-zero-day-protection-app/
 
Daniel
Hopes to slap down more zero-day attacks...

Microsoft has beefed up its Enhanced Mitigation Experience Toolkit (EMET), adding features designed to block more exploits.

The release of the technical review (beta) version of the tool, EMET 5.0, follows the discovery of new attacks against earlier versions of the technology. EMET 5.0 beta comes with a feature called Attack Surface Reduction that makes it easier for corporate security managers to apply usage policies or block Java, Flash Player and third-party browser plug-ins.

Using the tool, Java, for example, could be enabled for intranet applications but blocked when it comes to sourcing anything from the wilds of the worldwide web. In a similar way, Flash could be allowed to run when executed directly from a browser but blocked from execution in cases where it appears in a PDF or an Office file. The latest version of the tool is "not [yet] ready for wide enterprise deployment," as Redmond security gnomes explain.
 
Full Article
 
 
