Softpedia >News >Microsoft >Security
Softpedia Homepage   

BlueHat Prize Finalist ROP Mitigation Technology Integrated into EMET

Microsoft included Ivan Fratric’s exploit mitigation in its new product release

Jul 25, 2012 12:14 GMT  ·  By
Microsoft includes new ROP mitigation technology in EMET
   Microsoft includes new ROP mitigation technology in EMET

Today, Microsoft announced that one of the finalist technologies in the BlueHat Prize challenge has been integrated into its free Enhanced Mitigation Experience Toolkit (EMET) 3.5 technology preview.

We’re referring here to the ROP exploit mitigation coming from Ivan Fratric, one of the three finalists in the competition, along with Jared DeMott, and Vasilis Pappas.

The grand prize in the challenge was not awarded just yet, but the winner will be announced tomorrow night, Microsoft’s Matt Thomlinson, general manager, Trustworthy Computing Security, notes in a blog post.

The winner will go home with the grand prize of $200,000 in his pocket. All three finalists submitted prototype mitigations aimed at preventing exploits that make use of Return Oriented Programming (ROP) techniques.

The new Tech Preview of EMET was made available with four new checks inside, all based on the exploit mitigation coming from Ivan Fratric.

“Considering the contest submission period closed April 1, I’m thrilled the team has been able to integrate the technology into EMET so quickly,” Matt Thomlinson notes.

“The fact that the BlueHat Prize has gone from contest announcement to real protection for customers within a single calendar year shows the positive impact of collaboration with the security community.”

One of the main goals in the new release is to make exploitation more difficult, thus forcing attackers to spend more time and effort into finding ways to successfully exploit vulnerabilities.

“EMET 3.5 is a great example of exploit economics in action as it offers protection for entire classes of vulnerabilities. EMET also provides defenses that protect assets from unknown threats,” Thomlinson explains.

In addition to announcing the new EMET release, Microsoft also unveiled the availability of its annual MSRC progress report this week, which covers the June 2011 – July 2012 period.

The report is focused on offering info on the company’s collaborative efforts with the security community and the industry at large via programs such as like Microsoft Active Protections Program (MAPP) and Microsoft Vulnerability Research (MSVR).

The report is available for download on this page.

The new Enhanced Mitigation Experience Toolkit (EMET) 3.5 can be downloaded from Softpedia via this link.