News

Microsoft Updates Anti-Exploit Tool for Windows

• By Kurt Mackie
• 05/15/2012

Microsoft released its latest anti-exploit tool that adds a level of security for various software running on Windows systems. Instead of blocking specifically known exploits or providing security patches, the Enhanced Mitigation Experience Toolkit 3.0 is designed to block or "mitigate" known hacking techniques used on software technologies. Microsoft describes the toolkit as a bundle of "pseudo-mitigation technologies," and claims that the toolkit even can help to protect older software that lacked certain security protections.

"The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques," Microsoft's download page explains. "These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use."

EMET used to be known as an "unsupported" Microsoft tool, meaning that it had not undergone extensive testing at Microsoft. However, with version 3.0, Microsoft is now saying that EMET is officially supported. Moreover, Microsoft took efforts with this version to make the tool more user friendly for enterprise environments. For instance, EMET 3.0 now can be deployed, monitored and managed using Group Policy and Microsoft System Center Configuration Manager.

One new reporting improvement added to EMET 3.0 is called the "notifier," which starts with Windows and writes information to the Windows event log. Events get flagged in the application log, but important events also are shown in the taskbar notification area. The tool will log an error message in the taskbar when an exploit is blocked, listing the application that was stopped.

EMET 3.0 also includes a configuration improvement for accessing protection profiles. Protection profiles are XML files used to help protect applications. Microsoft ships EMET with three default protection profiles: one for Internet Explorer, one for Microsoft Office and a third for "common home and enterprise applications." With version 3.0, Microsoft allows IT pros to point to these protection profiles, or custom ones, using wildcard characters, such as the "*" symbol. IT pros don't have to type the whole URL path to the protection profile to protect an app.

EMET 3.0 can be installed on top of the previous 2.1 release and existing rules that were created should still work, according to Suha Can of the Microsoft Security Response Center engineering team, in Microsoft's announcement.

The free version of the Enhanced Mitigation Experience Toolkit 3.0 can be downloaded here. It offers a general protection approach to thwarting exploit code from hackers. The toolkit works with all currently supported versions of Windows, both server and client, and even has been tested successfully with the Windows 8 consumer preview beta, according to Microsoft's announcement.

Additional help for EMET can be found a Microsoft's support forum page.