Posted by: Tony Bradley
Windows 7 is more secure than Windows XP. Period. Likewise, Office 2010 is more secure than Office 2007. It is not that Windows 7, or Office 2010, or any other new OS or application is magical; it is just the natural evolution of things. New technologies are introduced. New attack techniques are developed. Newer software incorporates features to mitigate those attack techniques.
Microsoft understands, though, that many businesses can’t just jump on the latest software every time there is a new release. Microsoft also recognizes that third-party vendors may drop the ball on some areas of application security. So, Microsoft developed EMET, the Enhanced Mitigation Experience Toolkit, to give IT admins the tools to apply modern security controls and attack mitigation to legacy operating systems and applications.
Recently, Microsoft rolled out a new release of EMET. A Microsoft Security Research & Defense blog post describes what’s new:
- EMET is an officially-supported product through the online forum
- “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
- Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
- Improved command line support for enterprise deployment and configuration
- Ability to export/import EMET settings
- Improved SEHOP (structured exception handler overwrite protection) mitigation
- Minor bug fixes