Menu
Microsoft security tool EMET 5.0 puts a leash on plugins

Microsoft security tool EMET 5.0 puts a leash on plugins

The latest version of EMET allows administrators to block plugins on certain websites

Microsoft's latest version of its Enhanced Mitigation Experience Toolkit can block plugins from launching.

Microsoft's latest version of its Enhanced Mitigation Experience Toolkit can block plugins from launching.

The latest release of a Microsoft security tool that's designed to stop exploits lets administrators control when third-party plugins are launched, a long favored route for attackers.

Microsoft has been steadily improving and adding more capabilities to the Enhanced Mitigation Experience Toolkit (EMET), a free tool that strengthens the security of non-Microsoft applications by using defenses built within Windows, such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention).

The latest 5.0 iteration, released Thursday, includes something called "Attack Surface Reduction," which can block some of an application's modules or plugins that might be abused, wrote Chris Betz, senior director of the Microsoft Security Response Center.

He wrote that Microsoft Word, for example, can be prevented from loading an Adobe Flash Player plugin or allow Java plugins to only run from intranet-zone sites rather than outside ones.

Third-party software is often favored by hackers as finding vulnerabilities in the Windows operating system has become more difficult. Java, an application framework for running applications, is often targeted, as well as applications from Adobe Systems.

EMET has been configured by default to block Adobe's Flash plugin from being loaded by Word, Excel and PowerPoint.

Another improvement to EMET deals with digital certificates, which are used to secure a SSL (Secure Socket Layer) connection, Betz wrote. EMET now has a blocking mode that will tell Internet Explorer to halt an SSL connection if an untrusted certificate is detected without sending session data.

Microsoft also hardened EMET in light of successful efforts at bypassing mitigations in its 4.0 version. Earlier this year, researchers from Bromium, which develops security technologies based on micro-virtualization, found that more technical hackers could bypass all of EMET's protections.

The company worked on hardening EMET against bypass techniques, which are possible "when a memory corruption within an EMET-protected application can be abused to overwrite selected memory areas and corrupt data belonging to EMET itself," according to a technical writeup.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags MicrosoftsecurityExploits / vulnerabilities

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments