New mitigations added, including sturdier default security

Aug 1, 2014 20:47 GMT

Microsoft rolled out version 5.0 of the Enhanced Mitigation Experience Toolkit (EMET), which integrates two new mitigations, Attack Surface Reduction and Export Address Table Filtering Plus.

EMET is a free tool aimed at helping users protect against common cyber-attack techniques and avoid compromise of their system.

Through the newly available Attack Surface Reduction (ASR), customers can control if and how specific plug-ins or modules should work in certain applications.

One example provided by the developer is that ASR allows a browser plug-in to be turned on for internal company websites, which are needed by employees, and disabled when the user lands on an external online location.

Export Address Table Filtering Plus (EAF+) has been crafted as a solution with two protection methods for thwarting advanced attacks. “For example, EAF+ adds a new ‘page guard’ protection to help prevent memory read operations, commonly used as information leaks to build exploitations,” writes Chris Betz of the Microsoft Security Response Center (MSRC) in a blog post.

The new EMET comes with Deep Hooks (which offers protection for critical APIs and lower-level APIs) enabled from the get-go, and it works with a larger list of programs.

Microsoft advertises the fresh release as having increased flexibility: customers can control how mitigations are applied to each application in their environment, and it is now possible in EMET to set up specific memory addresses to be protected with the HeapSpray Allocation mitigation.

Navigation to websites with untrusted or fake certificates can be blocked completely, thanks to the improvements to the Certificate Trust feature, thus keeping clients safe from man-in-the-middle attacks.

The stable version of EMET 5.0 comes after spending five months in the Technical Preview stage of development.