Come January, Microsoft planned to end support for the Enhanced Mitigation Experience Toolkit (EMET), taking away a valuable security tool that protected Windows systems from malware attacks and zero-day exploits.
While Microsoft would prefer organizations upgrade all users to Windows 10 to take advantage of its enhanced security, the company has extended support for EMET for another 18 months to give enterprises time to switch.
“We have listened to customers’ feedback regarding the January 27, 2017, end-of-life date for EMET and we are pleased to announce that the end of life date is being extended 18 months,” Jeffrey Sutherland, Microsoft’s principal lead program for OS security, wrote on TechNet’s Security Research & Defense.
The reprieve gives administrators until July 2018 to get users off Windows Vista, Windows 7, and Windows 8 and on to Windows 10, at which point EMET will finally enter end-of-life. The timing is close to the Windows 8 end-of-life in January 2018; Windows 7 already ended mainstream support in 2015, and extended support will end in 2020.
Originally introduced in 2009, EMET adds security defenses like address space layout randomization (ASLR) and data execution prevention (DEP) to Windows systems to make it harder for malware to exploit zero-day vulnerabilities, that is, software flaws that are unknown and have not yet been patched. However, it has “serious limits” because security is being bolted onto the operating system, Sutherland said. EMET’s method for interfacing with Windows, hooking into “low-level areas of the operating system,” isn’t part of the original design and has caused performance and reliability issues for some users.
EMET is also showing its age. Researchers have developed complex methods to bypass it, and the fact that a handful of malware strains have succeeded in infecting machines despite the toolkit indicates that it won’t be as effective against future zero-day exploits.
“Many of EMET’s features were not developed as robust security solutions,” Sutherland said. “As such, while they blocked techniques that exploits used in the past, they were not designed to offer real durable protection against exploits over time.”
While the latest version, EMET 5.5, supports Windows 10, the toolkit is primarily intended to beef up security for older versions of Windows, from Vista to 8.1. Many of these features are now baked into Windows 10, so enterprise users on the latest Windows operating system don’t get additional security benefits from the toolkit in the way users on older Windows systems do.
“Its effectiveness against modern exploit kits has not been demonstrated,” Sutherland noted.
Microsoft has been encouraging enterprises to upgrade their users to Windows 10 to take advantage of newer security features such as DEP, ASLR, Control Flow Guard, and other security mitigations to prevent bypasses in User Account Control and exploits targeting the browser. The enhanced security features are currently available in Windows 10 Enterprise or Education.
Microsoft will be providing a detailed guide for administrators on how to move from older versions of Windows using EMET to Windows 10 at a later date. Enterprises that have been dragging their feet about upgrading to Windows 10 will soon have no choice, since Windows 7 Extended Support ends in 2020 and Windows 8.1 Extended Support will end in 2023. EMET’s looming death knell is another way Microsoft is pushing everyone on to Windows 10.
EMET was one of the best tools available to defenders, and it will be sorely missed. But this is the price to pay to have an operating system that has security baked in.