Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Windows Server 2012

Secure Legacy Applications on Windows Server 2012 R2 and Windows 8.1 with EMET 4.1

If you are still running legacy applications that haven’t been or can’t be updated to support Data Execution Prevention (DEP), the Enhanced Mitigation Experience Toolkit (EMET) can be used to force those apps to be run with DEP protection and a series of other exploit mitigations. In today’s Ask an Admin, I’ll go over how to use EMET 4.1 to secure legacy applications in Windows 8.1 and WS 2012 R2.

EMET 4.1 Released

EMET 4.0 was released in June 2013, having received a major makeover, including the ability to detect attacks that use suspect SSL certificates (configurable certificate pinning), and an audit mode so that mitigations could be tested before being deployed in production.

Adding compatibility for Windows 8.1 and Windows Server 2012 R2, EMET 4.1 has improved Group Policy configuration, support for shared remote desktops environments, and several other improvements.

DEP, ASLR, and Other Advanced Exploit Mitigations

One of the most important features of EMET is the ability to force legacy applications to use DEP, Address Space Layout Randomization (ASLR), and other mitigation techniques, even if they don’t have compatibility flags. If you use EMET to force a legacy application to be protected by any of the mitigations on offer, you must test the app thoroughly before deploying the new configuration in a production environment. For a full list and explanation of the mitigations on offer, and their compatibility with different versions of Windows, refer to the EMET user guide.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Download and Configure EMET 4.1

Download EMET 4.1. You can download the EMET .msi and/or the EMET user manual. Run the downloaded .msi and follow through the simple install instructions. You can choose to use the recommended settings, where mitigations for some common applications are automatically added, or configure EMET manually.

Add a Legacy Application and Mitigations

In this example, we will add a mitigation for a legacy application on the local machine.

  • To launch the EMET GUI, switch to the Start menu and type EMET. Select EMET GUI in the search results.
  • In the EMET GUI, click Apps in the ribbon at the top of the window.
  • In the Application Configuration dialog, click Add Application.
  • In the Add Application dialog, open the application you want to add to EMET.
  • Back in the Application Configuration dialog, you’ll see the application you selected under Mitigations. Here you can select or deselect the mitigations that you want to apply. All mitigations are selected by default.
  • Once you’re done selecting the required mitigations, click OK.
Secure a legacy application with EMET 4.1
Secure a legacy application with EMET 4.1.

Now close the EMET GUI and test the application you added. For a complete guide to EMET’s capabilities and mitigations, make sure you take a look at the user guide.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (1)

One response to “Secure Legacy Applications on Windows Server 2012 R2 and Windows 8.1 with EMET 4.1”

  1. RSA 2014: Microsoft Releases EMET 5.0 Tech Preview

    […] already here at the Petri IT Knowledgebase, so you can also check out Russell Smith's post about securing legacy applications on Windows Server 2012 R2 and Windows 8.1 using EMET 4.1 for some real-world applications of the current version (4.1) of the EMET […]

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By