May 19, 2011, 11:11AM
Microsoft Releases Version 2.1 of EMET Mitigation Toolkit
Comment Microsoft has released a new version of its Enhanced Mitigation Experience Toolkit, a free download that gives IT staffs the ability to better defend against exploit attempts. The EMET now includes support, as well.
EMET is a toolkit that essentially is designed to add exploit mitigation technologies such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to applications that weren't built with those technologies included. Microsoft started including these exploit mitigations to its own products a few years ago as part of its Trustworthy Computing initiative, but the EMET gives enterprises the opportunity to add them to any application.
"The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult to perform as possible. In many instances, a fully-functional exploit that can bypass EMET may never be developed," Microsoft says in the documentation for the toolkit.
Editor's Pick
In addition to the ability to add ASLR, DEP and SEHOP to older apps, the new version of the toolkit also includes some techniques designed to stop some specific exploitation techniques that attackers are using right now.
"The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques," Microsoft said.
Microsoft originally pushed out EMET to IT departments last summer. Users can download the newest version of EMET here.
Commenting on this Article is closed.
Today's Most Popular
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Iranian Students Claim to have Stolen Thousands of Researcher's Records
- Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends
- Why Google Won't Protect You From Big Brother
- Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest
Most Commented Stories
-
Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest (9)
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (9)
-
HULK DDoS Tool Smash Web Server, Server Fall Down (3)
-
Author of LilyJade Facebook Plugin Ignores Facebook Cease-and-Desist (3)
-
Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends (2)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
20%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 65
Follow Threatpost
 |  |  |  |
| Tumblr |
