Microsoft released this week an upgrade to a tool that helps secure applications for the Internet without having to recode them.
The company’s EMET (Enhanced Mitigation Experience Toolkit) 2.0 is a free tool designed to prevent current exploitation techniques used throughout the Internet, the company said. EMET 2.0 is accessible via the Internet. The tool helps to block targeted attacks against unpatched vulnerabilities in Microsoft, third party, or line of business applications, Microsoft said.
“While EMET can be used by anybody, it is primarily targeted at protecting applications on machines that are at high risk for attack. Good examples include line of business applications on back-end servers and browsers on the desktops of corporate executives. These are scenarios where an application compromise could be particularly damaging,” said Andrew Roths and Fermin Serna of Microsoft Security Resarch Center (MSRC) Engineering, in a blog post.
Featured in version 2.0 is a new user interface that shows running processes and whether EMET is active for them. Also, the tool adds the following mitigations to applications that do not support them natively:
- Mandatory address space layout randomization
- An export address table capability in which hardware breakpoints are used to filter access to the EAT of kernel32.dll and ntdll.dll
- Structured Error Handling Overwrite Protection, preventing Structured Exception Handling overwrite exploitation
- Dynamic Data Execution Prevention, which marks portions of a process’s memory non-executable, to make it difficult to exploit memory corruption vulnerabilities
- NULL page allocation, to block attackers from taking advantages of NULL references in user mode
- Heap Spray Allocation, to pre-allocate memory addresses to block common attacks that fill a process’s heap with specially crafted content
EMET 2.0 allows customers to opt-in applications via a command line or through a GUI utility. Mitigations can be applied on a per-application and per-process basis. The tool can be updated as new mitigation technologies become available.
Thirty-two and 64-bit applications are supported.