September 2, 2010, 2:54PM
Microsoft Releases New Version of EMET Exploit Mitigation Toolkit
Comment Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit.
The new version of the toolkit includes a GUI, making it much simpler to use. The previous version of EMET was strictly a command-line utility that enabled administrators to opt-in certain applications to specific exploit mitigations. EMET has the ability to add these mitigations to essentially any application running on the machine, and deploy them on a per-process basis, Microsoft officials said.
"For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications. This helps prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited. By deploying these mitigation technologies on legacy products, the tool can also help customers manage risk while they are in the process of transitioning over to modern, more secure products. In addition, it makes it easy for customers to test mitigations against any software and provide feedback on their experience to the vendor," the company said.
Editor's Pick
EMET 2.0
The EMET toolkit has the nice effect of giving users the ability to apply newer exploit mitigations such as DEP (Data Execution Prevention) and SEHOP (Structured Exception Handler Overwrite Protection) to older applications that otherwise wouldn't be able to benefit from those technologies. Exploit mitigations such as DEP, ASLR (Address Space Layout Randomization), SEHOP and others have become key tools in the fight by software vendors against common and easily exploitable bugs.
Microsoft began adding these mitigations to some of its applications several years ago, but because many organizations still rely on applications that were written and deployed before these technologies were available, there is still a huge deployed base of software that doesn't have these protections. The new version of EMET is designed to help bridge that gap by making these mitigations usable on older applications and more easily deployable.
Microsoft also has published a video describing the ways that EMET can be used.
Commenting on this Article is closed.
Today's Most Popular
- Common Firewall Feature Enables TCP Hijacking Attacks
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Facebook Cancellation Malware Disguised As Adobe Update Making Rounds
- How to Break Google Chrome in Six Easy Steps
- OPINION: Are Anonymous Members Forged in the Crucible of IT Compliance?
Most Commented Stories
-
Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest (10)
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (11)
-
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you (1)
-
Facebook Cancellation Malware Disguised As Adobe Update Making Rounds (3)
-
HULK DDoS Tool Smash Web Server, Server Fall Down (4)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
20%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 65
Follow Threatpost
 |  |  |  |
| Tumblr |
