Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Security

RSA 2014: Microsoft Releases EMET 5.0 Technical Preview

Microsoft used the annual security extravaganza known as the RSA Conference to take the wraps off a technical preview of the latest version of their Enhanced Mitigation Experience Toolkit (EMET). We’ve written a bit about EMET already here at the Petri IT Knowledgebase, so you can also check out Russell Smith’s post about securing legacy applications on Windows Server 2012 R2 and Windows 8.1 using EMET 4.1 for some real-world applications of the current version (4.1) of the EMET tool.

All About EMET

If you don’t know EMET from Emmet — the star of The LEGO Movie — here’s a quick refresher. EMET is a free software tool that system administrators (and security professionals) can use to help provide additional protection for the software in your IT environment. Microsoft Security Program Manager Gerardo Di Giacomo described EMET in more detail in a blog post on Technet:

“[EMET] helps prevent memory corruption vulnerabilities in software from being successfully exploited for code execution. It does so by opting in software to the latest security mitigation techniques. The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update is not available or has not yet been applied.”

Giacomo also explains in his post that EMET works with all modern Windows OSes, including Windows XP, Windows Vista, Windows 7, and Windows 8. EMET also can be used with existing tools that admins use to deploy, configure, and monitor their IT environments.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Introducing EMET 5.0

What Microsoft announced at the RSA Conference this week is a technical preview for EMET 5.0 that adds a number of new features to this popular free tool, namely export address table filtering plus (EAF+) and Attack Surface Reduction (ASR). Microsoft is demonstrating EMET 5.0 at the is booth (# 3005) at RSA Conference 2014 in San Francisco this week, but everyone can now download the EMET 5.0 technical preview from the EMET website on Technet.

To get more details on what EMET 5.0 is all about, I sat down with Jonathan Ness — Microsoft’s Principal Security Development Manager for EMET — just before Microsoft released the news about the update. Ness elaborated on what system administrators and security professionals can expect from the new EAF+ and ASR features.

Export Address Table Filtering Plus (EAF+)

According to Ness, EAF+ helps EMET protect software by disrupting and defeating various exploits by adding additional protection to KERNELBASE exports and preventing memory read operations on protected export tables, to name just a few features. “These changes improve defenses against exploit activity,” Ness said.

EMET 5.0 EAF+

A screenshot showing an exploit on Internet Explorer being blocked by the EMET 5.0 Technical Preview EAF+ feature. (Source: Microsoft)

Attack Surface Reduction (ASR)

An ongoing concern for many security professionals is the frequently attacks against widely-deployed third-party software like Adobe Flash and Oracle Java. There have been dozens (if not hundreds) of exploits targeted on these two technologies alone, and Ness said that Microsoft wanted to give administrators even more help with securing their IT environments when required business apps needed those technologies to run properly.

Ness says that ASR is specifically designed to help mitigate the risk from those threats by blocking the use of specific technologies within an application.  “You can configure EMET to allow use of security zones to prevent Internet Explorer from loading Java when users access public websites,” Ness said. “And then enable that use when the user is accessing applications on the company Intranet that require the use of Java.”

So do you currently use Microsoft’s EMET tool in your own IT environment? If so, I’d love to hear from you. Drop me an email with a photo, or touch base with me on Twitter, Google+, or Facebook (see below).

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (1)

One response to “RSA 2014: Microsoft Releases EMET 5.0 Technical Preview”

  1. RSA Conference 2014: 8 Top Computer Security Trends

    […] out our other coverage of the show, including our list of security companies to watch, news about Microsoft's EMET 5.0 security tool, and our RSA Conference 2014 T-shirt […]

Leave a Reply

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By