Microsoft launches EMET 5.5 Beta with Windows 10 support - gHacks Tech News

Microsoft launches EMET 5.5 Beta with Windows 10 support

Microsoft EMET 5.5 Beta, the Enhanced Mitigation Experience Toolkit created by Microsoft, is now available for download for all supported operating systems.

The program, designed to mitigate exploits that slipped by system defenses, has been designed as a security tool that blocks exploits from being carried out successfully on machines running Windows.

While EMET offers by no means 100% protection against all sorts of exploits -- researchers have shown in the past that it is possible to bypass some or even all of EMET's anti-exploit measures -- it is quite useful generally speaking as the majority of malicious software has not been designed to bypass EMET or other anti-exploit software such as Malwarebytes Anti-Exploit.

Microsoft EMET 5.5 Beta

Update: Microsoft EMET 5.5 final has been released in the meantime.

The main Enhanced Mitigation Experience Toolkit website over on Microsoft's Technet site links to the latest stable version of EMET -- currently version 5.2 -- and the latest beta download that Microsoft released yesterday.

microsoft emet 5.5 beta

Probably the biggest change in EMET 5.5 is (official) support for Microsoft's new operating system Windows 10. While EMET 5.2 ran fine on Windows 10, it never supported the operating system officially and this changes with the new release.

When you run the Beta version of EMET after installation you will notice another change right away, provided that you run Windows 10 and not an earlier version of Windows.

The main interface lists the new "Block Untrusted Fonts" option which is set to audit by default. This is a Windows-10 specific feature that is not supported on previous versions of Windows.

Windows 10 ships with settings to block untrusted fonts. The feature is not enabled by default, and can be set to on or audit if desired.

On prevents any font from being loaded that is not in the Fonts directory of the Windows installation, while audit writes untrusted font events to the log but won't block access to them. There is also an option to exclude apps so that they can load untrusted fonts regardless of the global preference.

Configuring untrusted fonts blocking in Windows 10

  1. Tap on the Windows-key, type regedit and hit enter.
  2. Confirm the UAC prompt if it is displayed.
  3. Navigate to the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\.
  4. Right-click on "Kernel" and create the QWORD (64-bit) Value preference MitigationOptions if it does not exist.
  5. To turn untrusted font blocking on, set the value to 1000000000000.
  6. To turn it off again, set it to 2000000000000 or delete MitigationOptions.
  7. To set the feature to audit, set the value to 3000000000000.

Please note that you need to add existing mitigation values to the number. For instance, if MitigationOptions exists already on your system and is set to a value of 1000, you need to add 1000 to the value, e.g. 1000000001000 when turning the untrusted font blocking feature on.

Other EMET 5.5 improvements

The new EMET version ships with a handful of additional improvements:

  • Better configuration of various mitigations via GPO.
  • EAF/EAF+ pseudo-mitigation performance improvements.
  • Bug fixes.

Microsoft notes that EMET 5.5 mitigations do not apply to the company's own Edge browser on Windows 10 due to " the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques".

Now Read: Microsoft Enhanced Mitigation Experience Toolkit Tips

Summary
Microsoft launches EMET 5.5 Beta with Windows 10 support
Article Name
Microsoft launches EMET 5.5 Beta with Windows 10 support
Description
Microsoft released EMET 5.5 Beta, a new version of the Enhanced Mitigation Experience Toolkit. It adds Windows 10 support among other things.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Blume said on December 20, 2015 at 10:31 pm
    Reply

    Can I trust Microsoft EMET 5.5 itself … not to invade my PC privacy or spy for Microsoft ?

    1. kalmly said on December 21, 2015 at 4:00 pm
      Reply

      Haha. I would worry that it would install Windows 10.

  2. Deron J said on December 21, 2015 at 3:00 am
    Reply

    Your article refers to “the latest beta download that Microsoft released yesterday”. The only beta I could find was the one I already had, which was released in October. Did they publish a new beta and then pull it back?

  3. CHEF-KOCH said on December 21, 2015 at 11:36 am
    Reply

    It’s the same beta and old news. Deron

    Since this beta have several issue with strongest settings, especially since TH2 I recommend to better use ANTI-Exploit which works a bit better on several things (and it’s getting a bit faster updates).

  4. CHEF-KOCH said on January 31, 2016 at 4:25 pm
    Reply

    EMET 5.5. Final Build 5.5.5871.31892

    DL:
    https://www.microsoft.com/en-us/download/details.aspx?id=50766
    https://download.microsoft.com/download/8/E/E/8EEFD9FC-46B1-4A8B-9B5D-13B4365F8CA0/EMET%20Setup.msi

    Changes:
    • Windows 10 compatibility
    • Improved configuration of various mitigations via GPO
    • Improved writing of the mitigations to the registry, making it easier to leverage existing tools to manage EMET mitigations via GPO
    • EAF/EAF+ perf improvements
    • Untrusted font mitigation for Windows 10​

  5. chesscanoe said on February 1, 2016 at 12:38 am
    Reply

    I can’t find any documentation from Microsoft on the EMET 5.5. Final Build 5.5.5871.31892 . I’ll hold off installing it until a Microsoft source says it’s actually intentionally released and documented. But that’s just me….

    1. chesscanoe said on February 5, 2016 at 5:49 pm
      Reply

      Note an EMET user of EMET 5.5 final under Windows 10 notes it’s stricter than EMET 5.5 beta.
      “In EMET version 5.5.5871.31892, Canon Digital Photo Professional 3.15 (DPPViewer.exe) won’t open due to DEP mitigation (EMET detected DEP mitigation and will close the application: DPPViewer.exe).”
      “Up to and including EMET 5.5 Beta is has been OK with EMET, but with EMET 5.5 you now need to disable DEP mitigation for Canon DPP software in order to use it on Windows 10.”
      __________

      Quote from https://social.technet.microsoft.com/Forums/security/en-US/1e70c72b-67b2-43c4-bd36-a0edd1857875/application-compatibility-issues?forum=emet#071303f5-ef00-4d86-992f-f68cff8c41c0

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.