Join today and have your say! It’s FREE!

Become a member today, It's free!

We will not release or resell your information to third parties without your permission.
Please Try Again
{{ error }}
By providing my email, I consent to receiving investment related electronic messages from Stockhouse.

or

Sign In

Please Try Again
{{ error }}
Password Hint : {{passwordHint}}
Forgot Password?

or

Please Try Again {{ error }}

Send my password

SUCCESS
An email was sent with password retrieval instructions. Please go to the link in the email message to retrieve your password.

Become a member today, It's free!

We will not release or resell your information to third parties without your permission.

Microsoft EMET - Armor Against Zero-Days Bypassed Again

MSFT

New methods make it possible to circumvent protection mechanisms of Microsoft EMET 5.0

VIENNA, Austria, October 28, 2014 /PRNewswire/ --

The EMET (Enhanced Mitigation Experience Toolkit) tool developed by Microsoft (NASDAQ: MSFT) makes it possible for administrators and end users to retroactively equip applications with additional protection mechanisms. This enhanced protection is intended to prevent various attack techniques that are currently used by cyber attackers.

Security expert René Freingruber of the SEC Consult Vulnerability Lab has developed numerous methods to get around the basic protection mechanisms of EMET in all currently available versions [1]. If a cyber attacker were to use these new bypass methods, serious attacks could be carried out. A software product protected with EMET as a workaround affected by a critical zero-day vulnerability could, for example, fall under the control of attackers.

Microsoft was informed of this by SEC Consult and is working on an improvement to the protection methods.

The experts of the SEC Consult Vulnerability Lab advise you to not view EMET as an unbeatable protection measure, because the tool can definitely be bypassed with the help of newly discovered methods.

SEC Consult considers it as necessary for software manufacturers to make the development of applications more secure and to regularly test their software extensively for application security.

[1] SEC Consult Proof of Concept Video: http://youtu.be/TuBQnvnKKHY

For more information, please contact:
Johannes Greil, MSc
Head of SEC Consult Vulnerability Lab
Tel.: +43-1-890-30-43-0
mailto: research@sec-consult.com

SOURCE SEC Consult



Get the latest news and updates from Stockhouse on social media

Follow STOCKHOUSE Today