Recent 0day IE vulnerability causes Microsoft to recommend EMET

A recent 0day in IE led Microsoft to recommend a lesser-known but long-standing tool of its own, the Enhanced Mitigation Experience Toolkit (EMET), which recently hit v3.0 and, along with it, gained official support from Microsoft for use in a production environment.

This is a monumental security milestone for Microsoft: rather than catching the attack in hand, EMET addresses the reason why certain classes of malicious code can run at all, fixing the flaw which lets the attack happen.

EMET includes a profile which you can import, and it contains most of the popular applications. If you review those apps, you will see that certain mitigations are turned off for certain apps, which is evidence of some testing (testing you then shouldn’t need to do yourself).

What EMET provides is a strong mitigation for a whole class of vulnerabilities in popular software such as web browsers, browser plugins, Adobe Acrobat, Shockwave Flash, and any other application exposed to data from untrusted sources like the internet. The EMET method of mitigation is so successful that it is better than antivirus for blocking these types of attacks, as it provides protection from future unknown threats of this kind and never needs ‘updating’ with virus signatures.

I have successfully been running EMET for 5 or so months now in the dangerous ‘opt-out’ for everything configuration without issue. The only mitigation I had an issue with was ASLR for media players or real-time apps.

While some programs are genuinely badly designed and won’t work with many types of mitigations, the few which actually get killed really need to be questioned: do you want to run code which is so bad it triggers? What I find quite surprising is how many times EMET may close a plugin while I’m browsing!

This toolkit is a must for everyone with a Windows machine, simple. Download EMET now from Microsoft, located here:

http://support.microsoft.com/kb/2458544