Feeds

Microsoft hardens EMET security tool: OK, it's not invulnerable, but it's free

Hopes to slap down more zero-day attacks...

Build a business case: developing custom apps

Microsoft has beefed up its Enhanced Mitigation Experience Toolkit (EMET), adding features designed to block more exploits.

The release of the technical review (beta) version of the tool, EMET 5.0, follows the discovery of new attacks against earlier versions of the technology. EMET 5.0 beta comes with a feature called Attack Surface Reduction that makes it easier for corporate security managers to apply usage policies or block Java, Flash Player and third-party browser plug-ins.

Using the tool, Java, for example, could be enabled for intranet applications but blocked when it comes to sourcing anything from the wilds of the worldwide web. In a similar way, Flash could be allowed to run when executed directly from a browser but blocked from execution in cases where it appears in a PDF or an Office file. The latest version of the tool is "not [yet] ready for wide enterprise deployment," as Redmond security gnomes explain.

Version 5 of EMET also comes with a revamped version of Export Address Table Filtering as well as enabling "deep hooks" mitigation by default. The latter modification is crucial in blocking holes in EMET 4.1 discovered by security researchers at security through virtualisation startup Bromium, and unveiled at the B-Sides security conference in San Francisco earlier this week.

EMET is designed to help reduce risk of attacks that exploit zero-day vulnerabilities. Not even Microsoft claims it is invulnerable and the basic idea is to make life for difficult for would-be attackers, an approach that makes a lot of sense in combating cybercrime, if not more sophisticated state-backed hackers with deeper pockets and more patience. The technology comes at no added charge on Windows boxes. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?