Researchers find simple Microsoft EMET exploit

Feb 27, 2016 23:00 GMT

Researchers from security firm FireEye have discovered a method through which malware can use Microsoft EMET to disable... Microsoft EMET.

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a collection of security features packed into one single toolkit, which Microsoft has offered as an optional download through its official website.

The project launched in 2009, and at the start of February, Microsoft released EMET version 5.5, adding Windows 10 support, and a few bug fixes.

The trick that FireEye's researchers discovered hinges on how EMET works: to protect applications from a range of exploits, EMET loads its own DLLs (Dynamic Link Libraries) into the processes it is configured to protect.

But, as with any properly built anti-exploit product, EMET also includes functions that unload those DLLs from the applications it injected them into.

The researchers found that this unload function can be modified and used against EMET itself, tricking the security tool into disabling its global protections.

FireEye says this is not the first exploit that has succeeded in disabling Microsoft's EMET, but it is the easiest one to use.

FireEye says it has successfully tested the technique on EMET 4.1, 5.1, 5.2, and 5.2.0.1. Before going public with its findings, FireEye informed Microsoft of the issue, and a fix for this exploit was included in EMET 5.5, released earlier this month.

Besides Windows 10 support, users now have a much better reason to update to the latest EMET version.