Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Today at RSA Conference 2014, Microsoft released a new version of its Enhanced Mitigation Experience Toolkit (EMET), “EMET 5.0 Technical Preview.” EMET is one of our most popular free security tools that helps IT Professionals and Developers manage risk for their organizations. Typically it is used by IT Professionals and Developers to help protect systems from exploitation via software vulnerabilities.
EMET helps to protect software applications by using the latest security mitigation technologies built into Windows. This tool can be very effective in cases where a developer might not have turned on Windows security features by default. Running EMET enables a wide variety of software to be made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied. This can give organizations that have deployed EMET more time to test and deploy security updates for applications that they run in their environment.
In this latest version, EMET 5.0 Technical Preview, there are new protections for enterprises that build on the 12 security mitigations included in version 4.1. For example, in the Technical Preview of EMET 5.0 there is a new Attack Surface Reduction security mitigation. This feature allows security professionals to better protect third party and custom-built JAVA line of business applications by selectively enabling JAVA, flash, and Windows embedded controls only within their company intranets. This new Technical Preview also includes further refinements to the existing Export Address Table Access Filtering (EAF) security mitigation that adds more heuristics and filtering functionality, called EAF+, to improve the detection of exploit shell code running in memory. For more information on the latest release, I encourage you to check out our Security Research and Defense blog.
Because of its effectiveness, EMET has been a very popular tool among the customers I talk to, who are responsible for managing application security for their organizations. If you are responsible for managing risk in your organization then I encourage you to check out the latest version of EMET. Protect your enterprise. Deploy EMET today. www.microsoft.com/emet.
Tim RainsDirectorTrustworthy Computing