Today we released a new version of our Enhanced Mitigation Experience Toolkit (EMET 4.0).  EMET is a free mitigation tool designed to help IT Professionals and developers prevent vulnerabilities in software from being successfully exploited. The tool works by protecting applications via the latest security mitigation technologies built into Windows, even in cases where the developer of the application didn’t opt to do this themselves. By doing so, it enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied.

EMET has been a very popular tool among customers trying to manage risk associated with insecure applications they have in their environments.  Over the past year we have seen some attackers evolve their tactics in ways that we believe can be mitigated with a tool like EMET. We have also received feedback from a number of customers on how we could make EMET better fit their needs.  This information has been invaluable in enhancing the latest version of the tool.  EMET 4.0, released today, incorporates a number of new enhancements including protection against Man in the Middle attacks leveraging the Public Key Infrastructure (PKI), and hardening of Return-Oriented Programming (ROP) mitigations.  This version also addresses known compatibility issues and is designed to work with our latest technologies such as Internet Explorer 10 and Windows 8.  Here are more details on what’s new in this new version of EMET:

  • Certificate Trust: SSL Certificate Pinning has been added to help detect Man in the Middle attacks that leverage the Public Key Infrastructure (PKI). With PKI-related attacks on the rise, we felt it was important our customers had the tools necessary to help guard against this type of threat.  This release also comes with specific rules for Microsoft and other popular online services such as Twitter, Facebook, and Yahoo! and enables customers the possibility to create their own customized rules.
  • Hardening of ROP mitigations: In the EMET 3.5 Technical Preview release, we introduced some new mitigations to help stop ROP-based attacks. With the release of EMET 4.0, we hardened these ROP mitigations and solved many of the major compatibility and performance issues.
  • Early Warning: We added a feature called Early Warning that sends useful information to Microsoft every time an attack has been detected by EMET. This feature helps us better and more quickly respond to zero day exploits and PKI-related attacks. While EMET works to detect and help prevent exploits related to a new vulnerability or a malicious certificate, we can mobilize and respond before an issue becomes widespread, resulting in better protection for customers.
  • Compatibility Fixes:  This new version of the tool solves all known compatibility issues that were reported for EMET 3.0 and 3.5 Tech Preview.
  • Internet Explorer 10/Win8 support: On March 12th, a Windows package (KB 2790907) was released to allow all supported versions of EMET to work with Internet Explorer 10 on Windows 8.
  • Redesigned UI and Configuration Wizard: We decided to revamp the EMET Graphical User Interface in order to streamline the configuration operations and to offer accessibility features.  We also added a Configuration Wizard that allows you to apply the recommended memory mitigations and SSL certificate pinning rules to your system.

Of course these enhancements would not be possible without the great feedback from customers and the security community.  For more information on this release, I encourage you to visit the Security Research and Defense blog.

Tim Rains
Director
Trustworthy Computing