SCF Advanced Search


Members
Stats
  • Total Posts: 32435
  • Total Topics: 9857
  • Online Today: 1692
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)











Author Topic: EMET 5.0 - Microsoft's security tool for The Administrators  (Read 1155 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7444
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


The latest release of a Microsoft security tool that’s designed to stop exploits lets administrators control when third-party plugins are launched, a long favored route for attackers.

Microsoft has been steadily improving and adding more capabilities to the Enhanced Mitigation Experience Toolkit (EMET), a free tool that strengthens the security of non-Microsoft applications by using defenses built within Windows, such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention).

The latest 5.0 iteration, released Thursday, includes something called “Attack Surface Reduction,” which can block some of an application’s modules or plugins that might be abused, wrote Chris Betz, senior director of the Microsoft Security Response Center: http://blogs.technet.com/b/msrc/archive/2014/07/30/general-availability-for-enhanced-mitigation-experience-toolkit-emet-5-0.aspx

He wrote that Microsoft Word, for example, can be prevented from loading an Adobe Flash Player plugin or allow Java plugins to only run from intranet-zone sites rather than outside ones.

Third-party software is often favored by hackers as finding vulnerabilities in the Windows operating system has become more difficult. Java, an application framework for running applications, is often targeted, as well as applications from Adobe Systems.

EMET has been configured by default to block Adobe’s Flash plugin from being loaded by Word, Excel and PowerPoint.

Another improvement to EMET deals with digital certificates, which are used to secure a SSL (Secure Socket Layer) connection, Betz wrote. EMET now has a blocking mode that will tell Internet Explorer to halt an SSL connection if an untrusted certificate is detected without sending session data.

Microsoft also hardened EMET in light of successful efforts at bypassing mitigations in its 4.0 version. Earlier this year, researchers from Bromium, which develops security technologies based on micro-virtualization, found that more technical hackers could bypass all of EMET’s protections: http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/

The company worked on hardening EMET against bypass techniques, which are possible “when a memory corruption within an EMET-protected application can be abused to overwrite selected memory areas and corrupt data belonging to EMET itself,” according to a technical writeup: http://blogs.technet.com/b/srd/archive/2014/07/30/announcing-emet-v5.aspx

(PCW)

Samker's Computer Forum - SCforum.info

Sponsored Links:




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising