Microsoft releases EMET 5.1 bugfix

November 11, 2014 // 12:36 p.m.

Tags: #emet #insecurity #internet-explorer #microsoft #mitigation #patch #patch-tuesday #security #vulnerability #windows

Microsoft has announced a new release of its Enhanced Mitigation Experience Toolkit (EMET), which fixes bypass vulnerabilities and increasing compatibility from earlier versions.

Designed to improve the security of Windows-based platforms, EMET is designed to harden the operating system and selected applications against certain attack vectors. Because it doesn't block specific vulnerabilities, but only makes it harder for vulnerabilities to be fully exploited, it offers some protection against zero-day attacks - vulnerabilities which are publicly known but not yet patched against. Sometimes, however, its hardening measures can decrease software compatibility or cause other problems; as a result, it's not a standard feature of Windows and must be installed manually, with Microsoft pushing it heavily for its enterprise customer base.

The latest version, EMET 5.1, fixes several flaws in earlier releases which could allow attackers exploiting an as-yet unpatched vulnerability to bypass its protection - including a race condition in the address space layout randomisation (ASLR) mitigation and several other mitigations failing to work properly if export address table access filtering (EAF) is disabled. The new version also fixes compatibility issues discovered following November's Patch Tuesday releases, solving problems with the 64-bit version of Internet Explorer as well as with third-party packages including Adobe Reader, Adobe Flash and Mozilla Firefox when EAF+ is enabled.

'If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation,' explained Microsoft's EMET team in a blog announcement. 'Alternatively, you can temporarily disable EAF+ on EMET 5.0. Details on how to disable the EAF+ mitigation are available in the User Guide. In general we recommend upgrading to the latest version of EMET to benefit from all the enhancements.'

Finally, for the more advanced user, EMET 5.1 adds a local telemetry feature which allows the system to save a memory dump locally when a mitigation is triggered. This dump can then be investigated to discover the cause, and potentially used to pinpoint both bugs in EMET itself as well as as-yet unknown attacks which can be later patched.

The latest EMET version can be downloaded from Microsoft's official website.
Discuss this in the forums