Read more at source: EMET 4.0 now available for download - Security Research & Defense - Site Home - TechNet BlogsWe are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit, best known as EMET, is now finally available for download. You can download it from Download Enhanced Mitigation Experience Toolkit 4.0 from Official Microsoft Download Center.
We already mentioned some of the new features introduced in EMET 4: Certificate Trust, mitigations improvement hardening, and the Early Warning Program. During our beta period we added new features and solved application compatibility issues that have been reported both externally and internally. Below is a summary of the changes and enhancements:
Redesigned User Interface: We realized that with the addition of the new features introduced in EMET 4.0 Beta, the old graphical user interface was not as effective and easy to use. For this reason, we decided to re-design EMETís GUI to facilitate and streamline the configuration operations. We also added the possibility to select the look-and-feel of EMET from a set of skins that we included. Finally, the new user interface is accessible and will change automatically according to your system settings:
Configuration Wizard: We know that configuration can be challenging when installing EMET for the first time. In EMET 3.0 we added the Protection Profiles, which were used to facilitate the initial configuration for applications. With EMET 4.0 we are introducing a Configuration Wizard that will automatically configure EMET with a standard set of SSL certificate pinning rules as well as a list of applications to protect. It also can preserve existing EMET 3.0 settings, and gives the possibility to add standard configuration for the new features. The Configuration Wizard will start automatically during EMETís installation and can also be accessed, at any time, from EMET GUI. Advanced users can choose to apply a standard configuration through the Configuration Wizard and then customize EMETís configuration afterwards according to their needs.
Changes in Certificate Trust: We made a few changes to the Certificate Trust feature, based on usersí feedback, further internal investigation, and partnership with third party online services. We added a new exception to the SSL certificate pinning rules that if enabled will make EMET verify just the Public Key component of the Root CAs present in the rule without matching subject name and serial number. Additionally, we made the Certificate Trust feature available on 64-bit versions of Internet Explorer. Finally, we added to the previous default rules for Microsoft online services new rules also for Twitter, Facebook, and Yahoo!.
Updated Group Policy profiles: Enterprise customers will notice that we updated our Group Policy profiles to include not only the ability to configure system and application mitigations, but also the reporting mechanisms, the advanced mitigation configurations, and the exploit action.
If you have EMET 4.0 Beta or EMET 3.5 Technical Preview installed on the system, you will need to uninstall them before installing EMET 4.0, and you will need to remove EMETís configuration from the registry, by deleting the registry hives HKLM\Software\Microsoft\EMET and, if existing, HKLM\Software\Policies\Microsoft\EMET. If you have EMET 3.0 installed on the system, you donít need to uninstall it before installing EMET 4.0. The previous version will be uninstalled and at the end of the installation youíll have the opportunity to migrate the existing settings or to reset EMET configuration with the new default settings.
We want to thank those of you that downloaded EMET 4.0 Beta in the past two months and that provided valuable feedback that greatly helped us finalize EMET 4.0. In particular, we want to thank the Yang Yu from NSFocus security team that reported a technique that allowed to bypass EMETís protections, and Adam Langley and Cem Paya from Google for feedback on the Certificate Trust feature. As said, we received many, many emails, and it would be impossible to name all the people that provided feedback for EMET 4.0 Beta. You know who you are, and we really appreciated your effort in testing EMET and reaching out to us to provide feedback. Again, thank you!
We truly hope that you enjoy all the new features that we introduced in EMET 4.0. We will continue working on improving EMET to provide better and better protections against internet attacks for customers and to make it even more user friendly and easy to use.
See also: Enhanced Mitigation Experience Toolkit (EMET) - Windows 7 Help Forums