Microsoft has released a free toolkit called EMET (Enhanced Mitigation Experience Toolkit 4.0) for Windows 8, Windows 7, Windows Vista and Windows XP. EMET is specifically designed to help users block attackers from gaining access to their systems through common attacks. It lets users manage security mitigation technologies that make it more difficult for attackers to exploit vulnerabilities in a given piece of software. In addition, EMET helps protect your computer from new or undiscovered threats until they can be addressed through formal security updates.
Once installed, EMET works quietly in the background without interrupting your computer use. Like any security tool, EMET doesn’t guarantee that you’ll never have any problems, but it does make it harder for an attacker to succeed.
EMET 4.0 also includes bug fixes and UI changes to improve the overall user experience. At the end of the installation, EMET offers to automatically apply recommended settings to protect Internet Explorer, Microsoft Office, Adobe Acrobat/Reader, and Oracle Java, as well as a pre-defined set of rules for the Certificate Trust feature that will monitor the main Microsoft and other popular online services. Please remember that EMET 4.0 requires .NET Framework 4, and in order to protect Internet Explorer 10 on Windows 8 you need to install KB2790907, a mandatory AppCompat update.
Below are a number of the changes made in EMET Toolkit 4.0:
- Certificate Trust: considering the rise of PKI-related attacks, we decided to implement a configurable SSL Certificate Pinning to try to detect Man in the Middle attacks that leverage SSL/TLS certificates. The Certificate Trust feature in EMET is rule-based and allows pinning a specific SSL/TLS certificate to a trusted Root Certificate Authority.
- ROP mitigations and hardening: in the last Technical Preview release of EMET, we introduced some mitigations to try to stop ROP-based attacks by implementing some of the winning ideas of the BlueHat Prize contest. With this new EMET release we hardened the ROP and other mitigations to detect and stop novel attack techniques.
- Early Warning Program: this feature will allow EMET to send contextual data back to Microsoft, through the standard Windows Error Reporting channel, every time that an exploit has been detected and stopped. We are adding this feature to help us respond to new 0day exploits as soon as possible.
- Audit mode: if an exploit is detected, EMET will not terminate the attacked process but it will just report the attack and let the process continue. This mode is only applicable to certain mitigations, for example the anti-ROP ones, that detect the attack when the process is not already in a crashed state. This feature is useful for enterprise customers for testing purposes and to spot false-positives and app-compat problems without compromising the user experience.
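
To make the Certificate Trust idea concrete, here is a simplified model of a root-CA pin check, added as an illustration and not taken from EMET or Microsoft. It shows why a chain that ordinary trust-store validation accepts can still violate a pin rule. The certificate names, the host name, the use of SHA-256 fingerprints and the omission of signature verification are all assumptions of this sketch.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes  # constructed stand-in for the certificate's DER bytes

def fingerprint(cert):
    return hashlib.sha256(cert.der).hexdigest()

def chain_root(chain):
    """Follow issuer links from the leaf (chain[0]); return the self-issued root or None."""
    by_subject = {c.subject: c for c in chain}
    cert, seen = chain[0], set()
    while cert.subject not in seen:
        seen.add(cert.subject)
        if cert.issuer == cert.subject:
            return cert
        cert = by_subject.get(cert.issuer)
        if cert is None:
            return None  # chain is incomplete
    return None  # issuer links form a loop

def check_pin(host, chain, trust_store, pin_rules):
    """Return 'untrusted', 'no-rule', 'ok' or 'pin-mismatch' for a presented chain."""
    root = chain_root(chain)
    if root is None or fingerprint(root) not in trust_store:
        return "untrusted"  # ordinary validation would already reject this
    pinned = pin_rules.get(host.lower())
    if pinned is None:
        return "no-rule"  # host is not covered by any pin rule
    return "ok" if fingerprint(root) in pinned else "pin-mismatch"

# Constructed sample data: two roots that the system trusts, one pinned host.
ROOT_A = Cert("CN=Example Root A", "CN=Example Root A", b"constructed-root-a")
ROOT_B = Cert("CN=Example Root B", "CN=Example Root B", b"constructed-root-b")
INTER_A = Cert("CN=Example Issuing A", "CN=Example Root A", b"constructed-inter-a")
LEAF_GOOD = Cert("CN=login.example.test", "CN=Example Issuing A", b"constructed-leaf-1")
LEAF_OTHER = Cert("CN=login.example.test", "CN=Example Root B", b"constructed-leaf-2")
TRUST_STORE = {fingerprint(ROOT_A), fingerprint(ROOT_B)}
PIN_RULES = {"login.example.test": {fingerprint(ROOT_A)}}

if __name__ == "__main__":
    for chain in ([LEAF_GOOD, INTER_A, ROOT_A], [LEAF_OTHER, ROOT_B]):
        print(check_pin("login.example.test", chain, TRUST_STORE, PIN_RULES))
```

The second chain ends in a root that is in the trust store, so it would pass normal validation; only the pin rule flags it.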