Menu
Widespread exploits evade protections enforced by Microsoft EMET

Widespread exploits evade protections enforced by Microsoft EMET

Companies should not rely on EMET to delay patching frequently attacked programs

It's bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits.

Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus (EAF+). The exploits have been recently added to the Angler exploit kit.

Angler is one of the most widely used attack tools used by cybercriminals to launch Web-based, "drive-by" download attacks. It is capable of installing malware by exploiting vulnerabilities in users' browsers or browser plug-ins when they visit compromised websites or view maliciously crafted ads.

"The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion," the FireEye researchers said Monday in a blog post.

First released in 2009, EMET can enforce modern exploit mitigation mechanisms for third-party applications -- especially legacy ones -- that were built without them. This makes it much harder for attackers to exploit vulnerabilities in those programs in order to compromise computers.

While EMET is often recommended as a defense layer for zero-day exploits -- exploits for previously unknown vulnerabilities -- it also gives companies some leeway when it comes to how fast they patch known flaws.

In corporate environments, the deployment of patching does not happen automatically. Patches for the OS or stand-alone programs need to be prioritized, tested and only then pushed to computers, a process that can substantially delay their installation.

With widespread exploits now able to evade EMET mitigations, the tool should no longer be relied on to protect old versions of applications like Flash Player, Adobe Reader, Silverlight or Java until a company can update them.

Unfortunately, organizations are sometimes forced to keep old versions of browser plug-ins and other applications installed on endpoint computers in order to maintain compatibility with custom-made internal Web applications that haven't been rewritten in years.

"Applications such as Adobe Flash, web browsers, and Oracle Java should be patched routinely, prioritizing critical patches, or removed if possible," the FireEye researchers said. "Because the Web browser plays an important role in the infection process, disabling browser plugins for Flash or Silverlight may also reduce the browser attack surface."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments