Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit.
The new version of the toolkit includes a GUI, making it much simpler to use. The previous version of EMET was strictly a command-line utility that enabled administrators to opt-in certain applications to specific exploit mitigations. EMET has the ability to add these mitigations to essentially any application running on the machine, and deploy them on a per-process basis, Microsoft officials said.
those who may be unfamiliar with the tool, EMET provides users with the
ability to deploy security mitigation technologies to arbitrary
applications. This helps prevent vulnerabilities
in those applications (especially line of business and 3rd party apps)
from successfully being exploited. By deploying
these mitigation technologies on legacy products, the tool can also help
customers manage risk while they are in the process of transitioning
over to modern, more secure products. In
addition, it makes it easy for customers to test mitigations against any
software and provide feedback on their experience to the vendor,” the company said.
The EMET toolkit has the nice effect of giving users the ability to apply newer exploit mitigations such as DEP (Data Execution Prevention) and SEHOP (Structured Exception Handler Overwrite Protection) to older applications that otherwise wouldn’t be able to benefit from those technologies. Exploit mitigations such as DEP, ASLR (Address Space Layout Randomization), SEHOP and others have become key tools in the fight by software vendors against common and easily exploitable bugs.
Microsoft began adding these mitigations to some of its applications several years ago, but because many organizations still rely on applications that were written and deployed before these technologies were available, there is still a huge deployed base of software that doesn’t have these protections. The new version of EMET is designed to help bridge that gap by making these mitigations usable on older applications and more easily deployable.
Microsoft also has published a video describing the ways that EMET can be used.