Microsoft upgrades free app security tool

Enhanced Mitigation Experience Mitigation Experience Toolkit 2.0 helps Internet apps ward off targeted attacks

Microsoft released this week an upgrade to a tool that helps secure applications for the Internet without having to recode them.

The company's EMET (Enhanced Mitigation Experience Toolkit) 2.0 is a free tool designed to prevent current exploitation techniques used throughout the Internet, the company said. EMET 2.0 is accessible on Microsoft's Website. The tool helps to block targeted attacks against unpatched vulnerabilities in Microsoft, third party, or line of business applications, Microsoft said.

[ Microsoft this week also is hailing its Silverlight rich Internet technology. | Keep up with app dev issues and trends with InfoWorld's Fatal Exception blog and Developer World newsletter. ]

"While EMET can be used by anybody, it is primarily targeted at protecting applications on machines that are at high risk for attack. Good examples include line of business applications on back-end servers and browsers on the desktops of corporate executives. These are scenarios where an application compromise could be particularly damaging," said Andrew Roths and Fermin J. Serna of Microsoft Security Research Center (MSRC) Engineering, in a blog post.

Featured in version 2.0 is a new user interface that shows running processes and whether EMET is active for them. Also, the tool adds the following mitigations to applications that do not support them natively:

  • Mandatory address space layout randomization
  • An export address table capability in which hardware breakpoints are used to filter access to the EAT of kernel32.dll and ntdll.dll
  • Structured Error Handling Overwrite Protection, preventing Structured Exception Handling overwrite exploitation
  • Dynamic Data Execution Prevention, which marks portions of a process's memory non-executable, to make it difficult to exploit memory corruption vulnerabilities
  • NULL page allocation, to block attackers from taking advantages of NULL references in user mode
  • Heap Spray Allocation, to pre-allocate memory addresses to block common attacks that fill a process's heap with specially crafted content

EMET 2.0 allows customers to opt-in applications via a command line or through a GUI utility. Mitigations can be applied on a per-application and per-process basis. The tool can be updated as new mitigation technologies become available.

Thirty-two and 64-bit applications are supported.

This article, "Microsoft upgrades free app security tool," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies