EMET Picks Up Some Changes and Improvements with Version 5.2 Release
EMET 5.2 is available now and includes Control Flow Guard, VBScript in Attack Surface Reduction, and Enhanced Protected Mode/Modern IE.
March 13, 2015
On Thursday, Microsoft rolled out an updated version of its Enhanced Mitigation Experience Toolkit (EMET), bringing it to version 5.2.
EMET is a mitigation tool intended to anticipate the known, common techniques that exploits use and to harden systems so that attacks are diverted, terminated, and blocked. It is particularly useful when zero-day vulnerabilities are announced, to ensure systems are protected while waiting for a patch.
You can get the latest here: Enhanced Mitigation Experience Toolkit on the Security TechCenter web site
Per Microsoft, here's what's new:
Control Flow Guard: EMET’s native DLLs have been compiled with Control Flow Guard (CFG). CFG is a new feature introduced in Visual Studio 2015 (and supported by Windows 8.1 and Windows 10) that helps detect and stop attempts of code hijacking. EMET native DLLs (i.e. EMET.DLL) are injected into the application process EMET protects. Since we strongly encourage 3rd party developers to recompile their application to take advantage of this very latest security technology, we have compiled EMET with CFG. More information on CFG is available at this Visual C++ Team blog entry.
VBScript in Attack Surface Reduction: the configuration for the Attack Surface Reduction (ASR) mitigation has been improved to stop attempts to run the VBScript extension when loaded in Internet Explorer's Internet Zone. This would mitigate the exploitation technique known as “VBScript God Mode” observed in recent attacks.
Enhanced Protected Mode/Modern IE: EMET now fully supports alerting and reporting from Modern Internet Explorer, or Desktop IE with Enhanced Protected Mode enabled.