Microsoft's EMET Security Tool To Lose Support
Microsoft's Enhanced Mitigation Experience Toolkit (EMET) solution, which aimed to protect against malware attack scenarios and exploit methods, will be shutting down shortly.
Microsoft today admitted that EMET is just not up to the task of blocking potential zero-day software exploits. A zero-day exploit is a software flaw that's unknown by a software vendor. Microsoft also indicated that EMET has interfaces into Windows that weren't part of the original Windows design, and that issue has caused performance and reliability problems for some users, according to an announcement today.
The last release of EMET, version 5.5, was designed to protect Windows 10, but "its effectiveness against modern exploit kits has not been demonstrated," Microsoft indicated.
Consequently, Microsoft is planning to stop supporting EMET after July 31, 2018. That date is actually an 18-month extension from the product's original lifecycle support end date. Microsoft extended EMET's life in response to customer feedback, the announcement explained.
Microsoft sees Windows 10 as having better built-in protections against exploits than EMET. It's also touting Windows 10's faster update releases as a security improvement for organizations. Some of EMET's protections are currently built into Windows 10.
"Windows 10 includes all of the mitigation features that EMET administrators have come to rely on such as DEP, ASLR, and Control Flow Guard (CFG) along with many new mitigations to prevent bypasses in UAC and exploits targeting the browser," Microsoft's announcement explained.
EMET's product lifecycle was extended from an original end date of Jan. 27, 2017, but Microsoft still prefers that organizations to move to Windows 10. "For improved security, our recommendation is for customers to migrate to Windows 10," the announcement stated.
At some point, EMET users wanting to move to Windows 10 will be getting a "detailed guide for administrators," Microsoft promised. However, it didn't say when that guide would arrive.
Microsoft touted a bunch of its Windows 10-associated technologies as adding improved security for organizations. The Microsoft Edge browser has a better focus on security, Microsoft claimed. Microsoft also has some virtualization-based security protections for Windows 10 to ward off exploits, such as "Device Guard, Credential Guard, and Windows Defender Application Guard (coming soon)."
Getting these protections typically requires having licensed the Enterprise edition of Windows 10. Device Guard lets organizations specify which applications can run on a device, but it requires having the Enterprise or Education editions of Windows 10. Credential Guard protects credentials against "pass-the-hash" or "pass-the-ticket" types of attacks, but it also requires having the Enterprise or Education editions.
Windows Defender Application Guard, announced during Microsoft's Ignite event, is an Edge browser protection scheme against malicious Web links. Application Guard will run malicious Web sites in a "temporary and isolated copy of Windows" so that personal and corporate data can't be accessed. This protection scheme is designed for use with the Windows 10 Enterprise edition. A preview of Windows Defender Application Guard is coming this year, and product rollout is expected next year.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.