Q. What's the Enhanced Mitigation Experience Toolkit (EMET)?
September 30, 2010
A. In all honesty, this is a tool I hadn't heard of until someone asked me about it. After some research, I found that it's a very easy to use tool designed to help mitigate applications from exploits. Typically, when an application is compiled, various options can be chosen to opt-in to certain types of security mitigation technologies. To change these choices, such as to enable Data Execute Protection, requires a rebuild of the application. EMET lets you deploy security mitigation capabilities to applications without the need to rebuild, while giving those applications additional security and protection from exploits.
When you launch the application, it shows the technologies enabled on the system and the state of running processes. It's then possible to configure the system or specific applications with the various mitigation technologies available, as shown below.
Here I'm modifying synchro.exe to use all the mitigation technologies available. Now when I launch synchro.exe it's protected using those technologies, and I didn't need to recompile anything. EMET is great for any legacy applications that you no longer have the source for but that are possibly vulnerable to certain types of attack. Remember that you're enabling exploit mitigating technologies, so it's possible that you'll break some of the application's functionality. It's important to test any application that you modify using EMET.
EMET is available for download. Microsoft also has a great blog with details about it
About the Author
You May Also Like