Today we are pleased to announce a new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here to download the tool free of charge.
The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult. EMET is designed to mitigate exploitation attempts (even of 0-days) by making “current” exploitation techniques harder and less reliable. Users interested in finding out more about EMET can read more here.
EMET has a proven track record of stopping real-life attacks, as we have detailed in our previous blog-posts here , here and here.
This release marks a big milestone for EMET since this is the first version that is available as an officially-supported product. Support will be forum based available here.
Today’s release comes with some new features:
- EMET is an officially-supported product through the online forum
- “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
- Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
- Improved command line support for enterprise deployment and configuration
- Ability to export/import EMET settings
- Improved SEHOP (structured exception handler overwrite protection) mitigation
- Minor bug fixes
I would like to thank Matt Miller for his work on EMET.
- Fermin J. Serna, MSRC Engineering