"The impact of this study shows that technologies that operate on the same plane of execution as potentially malicious code offer little lasting protection," DeMott said. "This is true of EMET and other similar userland protections. That's because a defense that is running in the same space as potentially malicious code can typically be bypassed, since there's no 'higher' ground advantage as there would be from a kernel or hypervisor protection."
Microsoft acknowledges in EMET's documentation that the tool blocks common exploitation techniques, but does not guarantee that vulnerabilities cannot be exploited. According to the EMET mitigation guidelines, the mitigations in EMET work as additional obstacles that an exploit author would have defeat in order to exploit vulnerabilities, so the goal of these obstacles is to make exploitation as difficult as possible to perform.
The real question is not whether EMET can be bypassed, but whether it sufficiently raises the cost of exploitation, the Bromium researchers said in their paper. "The answer to that is likely dependent upon the value of the data being protected. For organizations with data of significant value, we submit that EMET does not sufficiently stop customized exploits."