Microsoft EMET 5.2 with Control Flow Guard now available
Microsoft's Enhanced Mitigation Experience Toolkit is one of the programs that I install on Windows PCs that I set up for myself or others.
The program attempts to block exploits from successfully running on Windows machines. The most likely scenario where this happens is when attacks managed to sneak past system defenses.
Without EMET, these attacks would be successful whereas you still have a chance of blocking them with EMET.
While EMET is not a catch-all solution that protects you from every piece of malicious code out there, it is not using lots of system resources and adds another layer of protection to Windows machines.
Microsoft has just released EMET 5.2, a new version of the Enhanced Mitigation Experience Toolkit that updates the previous version 5.1.
Note that the company offers two different versions of EMET right now. First the 5.2 version which is the latest, and then version 4.1 Update 1 which it will support until June 9, 2015.
So what is new in EMET 5.2?
Microsoft EMET 5.2 ships with three new features of which two enhance the protection on all supported operating systems and one only on Windows 8 and newer versions.
All EMET installations benefit from Control Flow Guard, a new feature of Visual Studio 2015, that "helps detect and stop attempts of code hijacking". Control Flow Guard is only supported by Windows 8.1 and newer versions of Windows including Windows 10 which means that it benefits only systems that run these operating systems.
The second change improves the program's Attack Surface Reduction mitigation which tries to "stop attempts to run the VBScript extension" when loaded in the Internet Zone of Internet Explorer. According to Microsoft, this protects against the exploitation technique known as VBScript God Mode.
The third and final change affects Internet Explorer as well. EMET supports alerting and reporting with Enhanced Protected Mode enabled from desktop Internet Explorer and Modern Internet Explorer now.
You can download the EMET from the official Microsoft website linked above. It is suggested currently to use the direct link posted in the blog post on the Microsoft Security Research and Defense Blog as the main download site seems to be broken currently.
The installer upgrades existing versions of EMET on the system and also installs the software anew if it has not been installed on the system before.
Now You: Are you using EMET? What's your take on it?Advertisement