The Security Detail

Mar 21 2011   9:54PM GMT

Use Microsoft EMET to Reduce Risk of Attack

Tony Bradley

Today, Adobe patched a critical security flaw in Flash Player that also affected Acrobat and Reader. When Adobe announced the vulnerability last week, it noted that attacks were being seen in the wild using a malicious Flash (SWF) file embedded in a Microsoft Excel (XLS) file attachment.

Microsoft was quick to point out, however, that the Flash Player attack would not work on Excel 2010. A Microsoft Security Research & Defense blog post explains, “The current attacks do not bypass the Data Execution Prevention security mitigation (DEP). Microsoft Office 2010 turns DEP on for the core Office applications, and this will also protect Flash Player when it is loaded inside an Office application. In addition to that, users of the 64 bit edition of Microsoft Office 2010 have even less exposure to the current attacks as the shellcode for all the exploits we’ve seen will only work on a 32 bit process.”

Fair enough. Office 2010 provides better security than previous versions of Office, and the 64-bit version of Office 2010 is more secure still. Many organizations still rely on Office 2007 or earlier releases, though, so are they just out of luck?

Fortunately, Microsoft provides a better solution than simply suggesting that everyone upgrade to Office 2010: a tool called the Enhanced Mitigation Experience Toolkit, or EMET. It lets you apply mitigations to older software that lacks the security controls found in current products.

The Microsoft blog post says, “Turning on EMET for the core Office applications will enable a number of security protections called security mitigations. The exploits we’ve seen so far are broken by three of these mitigations: DEP, Export Address Table Access filtering (EAF), and HeapSpray pre-allocation. EMET is of value even to Microsoft Office 2010 as it has the first of the three enabled by default, but does not have the second or third ones.”

I highly suggest you download EMET and take a look at what it can do for you. It can help with newer software, but for legacy software it is a must-have.
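The post turns on two properties of a program: whether it already has DEP and whether it runs as a 32-bit or 64-bit process. As an added example (not from the original post or from Microsoft), this Python script reads both from a PE header so an inventory of legacy executables can be ranked for EMET coverage; the function names, the sample headers and the priority rule are assumptions made for illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}
NX_COMPAT = 0x0100     # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: image opts in to DEP
DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR


def pe_mitigations(data: bytes) -> dict:
    """Read architecture and DEP/ASLR opt-in flags from PE header bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt = pe_off + 24  # 4-byte signature + 20-byte COFF header
    if opt + 72 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "arch": MACHINES.get(machine, hex(machine)),
        "dep_opt_in": bool(flags & NX_COMPAT),
        "aslr_opt_in": bool(flags & DYNAMIC_BASE),
    }


def emet_priority(info: dict) -> str:
    """Hypothetical triage rule (an assumption of this example, not Microsoft's)."""
    if not info["dep_opt_in"]:
        return "high"    # no DEP opt-in in the image: EMET can supply it
    return "normal"      # DEP present; EMET still adds EAF and heap spray pre-allocation


def make_header(machine: int, magic: int, flags: int) -> bytes:
    """Build a minimal constructed PE header (sample input, not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    optional = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", flags)
    return dos + coff + optional


if __name__ == "__main__":
    samples = {
        "legacy32.exe (constructed)": make_header(0x014C, 0x10B, 0),
        "modern64.exe (constructed)": make_header(0x8664, 0x20B, NX_COMPAT | DYNAMIC_BASE),
    }
    for name, blob in samples.items():
        info = pe_mitigations(blob)
        print(name, info, "EMET priority:", emet_priority(info))
```

The header flag shows only what the image itself requests; a process can also turn DEP on at runtime through `SetProcessDEPPolicy` or have it forced by system policy, so a "high" result is a prompt to check the running process rather than proof that DEP is off.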
