Microsoft's Enhanced Mitigation Experience Toolkit 4.0 Released

Certificate Trust:considering the raise of PKI-related attacks, we decided to implement a configurable SSL Certificate Pinning to try to detect Man in the Middle attacks that leverage SSL/TLS certificates. The Certificate Trust feature in EMET is rule-based and allows to pin a specific SSL/TLS certificate to a trusted Root Certificate Authority;

ROP mitigations and hardening:in the last Technical Preview release of EMET, we introduced some mitigations to try to stop ROP-based attacks by implementing some of the winner ideas of the BlueHat Prize contest. With this new EMET release we hardened the ROP and other mitigations to detect and stop novel attack techniques.

Early Warning Program:this feature will allow EMET to send contextual data back to Microsoft, through the standard Windows Error Reporting channel, every time that an exploit has been detected and stopped. We are adding this feature to help us respond to new 0day exploits as soon as possible.

Audit mode:if an exploit is detected, EMET will not terminate the attacked process but it will just report the attack and let the process continue. This mode is only applicable to certain mitigations, for example the anti-ROP ones, that detect the attack when the process is not already in a crashed state. This feature is useful for enterprise customers for testing purposes and to spot false-positives and app-compat problems without compromising the user experience;

EMET 4.0 also includes bug fixes and UI changes to improve the overall user experience. Also, at the end of the installation, EMET will offer the user to automatically apply recommended settings to protect Internet Explorer, Microsoft Office, Adobe Acrobat/Reader, and Oracle Java, as well as a pre-defined set of rules for the Certificate Trust feature that will monitor the main Microsoft and other popular online services. More information are available in the User Guide, available in the EMET installation folder.