If you are still running legacy applications that haven’t been or can’t be updated to support Data Execution Prevention (DEP), the Enhanced Mitigation Experience Toolkit (EMET) can be used to force those apps to be run with DEP protection and a series of other exploit mitigations. In today’s Ask an Admin, I’ll go over how to use EMET 4.1 to secure legacy applications in Windows 8.1 and WS 2012 R2.
EMET 4.0 was released in June 2013, having received a major makeover, including the ability to detect attacks that use suspect SSL certificates (configurable certificate pinning), and an audit mode so that mitigations could be tested before being deployed in production.
Adding compatibility for Windows 8.1 and Windows Server 2012 R2, EMET 4.1 has improved Group Policy configuration, support for shared remote desktops environments, and several other improvements.
One of the most important features of EMET is the ability to force legacy applications to use DEP, Address Space Layout Randomization (ASLR), and other mitigation techniques, even if they don’t have compatibility flags. If you use EMET to force a legacy application to be protected by any of the mitigations on offer, you must test the app thoroughly before deploying the new configuration in a production environment. For a full list and explanation of the mitigations on offer, and their compatibility with different versions of Windows, refer to the EMET user guide.
Download EMET 4.1. You can download the EMET .msi and/or the EMET user manual. Run the downloaded .msi and follow through the simple install instructions. You can choose to use the recommended settings, where mitigations for some common applications are automatically added, or configure EMET manually.
In this example, we will add a mitigation for a legacy application on the local machine.
Now close the EMET GUI and test the application you added. For a complete guide to EMET’s capabilities and mitigations, make sure you take a look at the user guide.