Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows Server 2012

Secure Legacy Applications on Windows Server 2012 R2 and Windows 8.1 with EMET 4.1

If you are still running legacy applications that haven’t been or can’t be updated to support Data Execution Prevention (DEP), the Enhanced Mitigation Experience Toolkit (EMET) can be used to force those apps to be run with DEP protection and a series of other exploit mitigations. In today’s Ask an Admin, I’ll go over how to use EMET 4.1 to secure legacy applications in Windows 8.1 and WS 2012 R2.

EMET 4.1 Released

EMET 4.0 was released in June 2013, having received a major makeover, including the ability to detect attacks that use suspect SSL certificates (configurable certificate pinning), and an audit mode so that mitigations could be tested before being deployed in production.

Adding compatibility for Windows 8.1 and Windows Server 2012 R2, EMET 4.1 has improved Group Policy configuration, support for shared remote desktops environments, and several other improvements.

DEP, ASLR, and Other Advanced Exploit Mitigations

One of the most important features of EMET is the ability to force legacy applications to use DEP, Address Space Layout Randomization (ASLR), and other mitigation techniques, even if they don’t have compatibility flags. If you use EMET to force a legacy application to be protected by any of the mitigations on offer, you must test the app thoroughly before deploying the new configuration in a production environment. For a full list and explanation of the mitigations on offer, and their compatibility with different versions of Windows, refer to the EMET user guide.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Download and Configure EMET 4.1

Download EMET 4.1. You can download the EMET .msi and/or the EMET user manual. Run the downloaded .msi and follow through the simple install instructions. You can choose to use the recommended settings, where mitigations for some common applications are automatically added, or configure EMET manually.

Add a Legacy Application and Mitigations

In this example, we will add a mitigation for a legacy application on the local machine.

  • To launch the EMET GUI, switch to the Start menu and type EMET. Select EMET GUI in the search results.
  • In the EMET GUI, click Apps in the ribbon at the top of the window.
  • In the Application Configuration dialog, click Add Application.
  • In the Add Application dialog, open the application you want to add to EMET.
  • Back in the Application Configuration dialog, you’ll see the application you selected under Mitigations. Here you can select or deselect the mitigations that you want to apply. All mitigations are selected by default.
  • Once you’re done selecting the required mitigations, click OK.
Secure a legacy application with EMET 4.1
Secure a legacy application with EMET 4.1.

Now close the EMET GUI and test the application you added. For a complete guide to EMET’s capabilities and mitigations, make sure you take a look at the user guide.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (1)

One response to “Secure Legacy Applications on Windows Server 2012 R2 and Windows 8.1 with EMET 4.1”

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: