New Enhanced Mitigation Experience Toolkit (EMET) 5.0

Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit (EMET) 5.0. EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping block and terminate the most common techniques adversaries might use in comprising systems. EMET 5.0 further helps to protect with two new mitigations, and with new capabilities giving customers additional flexibility on their deployments.

EMET helps to protect systems, even before new and undiscovered threats are formally addressed by security updates and antimalware software.

This is what some customers have said about EMET:

"EMET is not a policy-changing tool, but it might just be that additional piece of security software that is worth investing in.” – Wolfgang Kandek, Qualys, Windows EMET Tool Guards Against Java Exploits, 2014

“(The Java- and plugin-blocking feature should) effectively stymie most of the historical attack methods related to Java and Flash. Those two applications have historically caused a lot of heartburn for security teams." – Andrew Storms, CloudPassage, Windows EMET Tool Guards Against Java Exploits, 2014

[video=youtube;T6w_WwUej_M]https://www.youtube.com/watch?v=T6w_WwUej_M[/video]


Let’s take a look at some of the key new capabilities in EMET 5.0:

Two new mitigations further expand EMET protections

Enhanced with the feedback that we received from EMET 5.0 technical preview participants, two new mitigations become generally available today.

First, the new Attack Surface Reduction (ASR) mitigation provides a mechanism to help block specific modules or plug-ins within an application, in certain conditions. For example, customers can now configure EMET to prevent their browser from loading Java plug-ins on external websites, while still continuing to allow Java plug-ins on their internal company websites.

Second, the brand new Export Address Table Filtering Plus (EAF+) mitigation introduces two new methods for helping disrupt advanced attacks. For example, EAF+ adds a new “page guard” protection to help prevent memory read operations, commonly used as information leaks to build exploitations.

Also, with 5.0, four EMET mitigations become available on 64-bit platforms. You can read more on that and find a deep dive of all the new features on our Security Research and Defense (SRD) Blog.

New configuration options deliver additional flexibility

EMET 5.0 offers new user interface (UI) options so that customers can configure how each mitigation applies to applications in their environment, taking into account their enterprise frameworks and requirements. For example, users can configure which specific memory addresses to protect with the HeapSpray Allocation mitigation using EMET 5.0. We continue to provide smart defaults for many of the most common applications used by our customers.

Many enterprise IT professionals deploy EMET through Microsoft System Center Configuration Manager and apply Group Policies in Windows Active Directory to comply with enterprise account, user, and role policies. With version 5.0, propagating EMET configuration changes via Group Policy becomes even easier, as we have improved how EMET handles configuration changes, when applied in an enterprise network.

The new Microsoft EMET Service is another feature our enterprise customers will find helpful in monitoring status and logs of any suspicious activity. With this new service, our customers can use industry standard processes, such as Server Manager Dashboard of Windows Server, for monitoring.

Additionally, with EMET 5.0, we have improved the Certificate Trust feature, allowing users to turn on a setting, in order to block navigation to websites with untrusted, fraudulent certificates, helping protect from Man-In-The-Middle attacks.

New default settings provide protections from the get-go

EMET’s Deep Hooks capability helps protect the interactions between an application and the operating system. In EMET 5.0, Deep Hooks is turned on by default, helping provide stronger protections by default. Furthermore, this default setting is now compatible with a wider range of productivity, security and business software.

Since we released EMET 5.0 Technical Preview in February this year, our customers and the community showed strong interest. Through user forums and Microsoft Premier Support Services, which assists enterprise EMET users, we received valuable feedback to shape the product roadmap ahead.

In the same lines, we invite you to download EMET 5.0 and let us know what you think.

Protect your enterprise. Deploy EMET today.

Thanks,

Chris Betz
Senior Director, MSRC

Source: General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0 - MSRC - Site Home - TechNet Blogs


See also: Enhanced Mitigation Experience Toolkit (EMET) - Windows 7 Help Forums
 

My Computer

System One

  • OS
    Windows 10 Home x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    INTEL Core i5-750
    Motherboard
    ASUS P7P55D
    Memory
    KINGSTON HyperX Fury Black Series 8GB (2 x 4GB) 1866Mhz
    Graphics Card(s)
    EVGA GTX750
    Monitor(s) Displays
    LG 27MP33HQ 32" IPS LED
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 840 Evo 120 GB, 2 x SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
    PSU
    ANTEC TruePower New TP-550, 80 PLUS®, 550W
    Case
    ANTEC Three Hundred Illusion
    Cooling
    COOLER MASTER Hyper 212 Plus, 3 x 120mm 1 x 140mm Case
    Internet Speed
    20 + Mbps
    Browser
    Vivaldi
    Antivirus
    Avast
Thanks. Installed.
 

My Computer

System One

  • OS
    Windows 10 Pro Prieview x64
    Computer type
    Laptop
    System Manufacturer/Model
    MacBook Pro Core2Duo
    CPU
    T7600
    Memory
    3
    Graphics Card(s)
    ATI Radeon X1600
    Monitor(s) Displays
    Internal
    Screen Resolution
    1440 x 800
    Hard Drives
    40GB
    Keyboard
    Apple
    Mouse
    Apple
    Internet Speed
    Varies
    Browser
    Various
    Antivirus
    Defender
Back
Top