Now Available: Enhanced Mitigation Experience Toolkit (EMET) 5.0

Today we are pleased to announce the general availability of our Enhanced Mitigation Experience Toolkit (EMET) 5.0. It has been almost five years since we released the first version of the tool, and so much has changed since then. Thanks to the overwhelming support, feedback and demand from our community, the tool has evolved quite a bit and now includes a number of new mitigations, expanded compatibility, a user-friendly UI, additional reporting capabilities, customer support through Microsoft Premier Support Services and more.

EMET is a free security mitigation tool designed to help IT Professionals and developers protect against emerging threats targeting vulnerabilities that are either unknown or for which a security update has not yet been applied. It is compatible with the most commonly used third-party applications at home and in the enterprise. EMET works by enabling security mitigations to be applied to applications without the need for recompilation. This has proved to be very effective for customers, especially in cases where IT professionals need to deploy mitigations on software that was written before the mitigations were available or in cases where source code is not available. Here is a glimpse of what some of our customers are saying about EMET:

“EMET breaks commodity malware and raises the cost of developing exploits for more sophisticated attackers. System administrators should consider adding EMET to their environment as an additional exploit mitigation layer.” – Brad Arkin, Chief Security Officer at Adobe Systems

“EMET prevents malware from exploiting vulnerabilities, period! There are many documented cases showing how EMET blocked new malware found in the wild. EMET is a must-have for your workstations.” – Didier Stevens, Contraste Europe NV and author of HeapLocker

“We use only Windows on our desktops, and only with EMET.” – Brad Spengler, grsecurity.net

EMET 5.0, released today, includes several enhancements. The latest tool comes with new mitigations and capabilities that build on previous versions, including:

New Mitigation: Attack Surface Reduction
Provides a mechanism to help block specific modules or plug-ins within an application, in certain conditions. For example, customers can now configure EMET to prevent their browser from loading Java plug-ins on external websites, while still continuing to allow Java plug-ins on their internal company websites.

New Mitigation: Export Address Table Filtering (EAF+)
Introduces two new methods for helping disrupt advanced attacks. For example, EAF+ adds a new “page guard” protection to help prevent memory read operations that are commonly used as information leaks when building exploits.

New configuration options for additional flexibility
Offers new user interface (UI) options so that customers can configure how each mitigation applies to applications in their environment, taking into account their enterprise frameworks and requirements. As an example, users can configure which specific memory addresses to protect with the HeapSpray Allocation mitigation using EMET 5.0.

Many enterprise IT professionals deploy EMET through Microsoft System Center Configuration Manager and apply Group Policies in Windows Active Directory to comply with enterprise account, user, and role policies. With version 5.0, propagating EMET configuration changes via Group Policy becomes even easier, as we have improved how EMET handles configuration changes when they are applied in an enterprise network.

The new Microsoft EMET Service is another feature our enterprise customers will find helpful for monitoring status and logs of any suspicious activity. With this new service, our customers can use industry standard processes, such as the Server Manager dashboard of Windows Server, for monitoring.

Additionally, IT Professionals can now turn on a setting in EMET 5.0 to block users from navigating to websites with untrusted, fraudulent certificates, helping protect against man-in-the-middle attacks.

New default settings provide protections from the get-go
EMET’s Deep Hooks capability helps protect the interactions between an application and the operating system, in other words the Application Programming Interfaces (APIs). In EMET 5.0, Deep Hooks is turned on by default, helping provide stronger protections out of the box. Furthermore, this default setting is now compatible with a wider range of productivity, security and business software.

If you are looking for a powerful tool to help protect your organization from emerging threats, then I encourage you to download the tool today at www.microsoft.com/emet.

Tim Rains
Director
Trustworthy Computing

About the Author
Tim Rains

Director, Trustworthy Computing

Tim Rains has over 20 years of experience in the technology industry across several disciplines including engineering, consulting, and marketing communications roles. He currently manages security marketing and corporate communications in the Trustworthy Computing division at Microsoft. His expertise ranges