Security Protection – Harry Waldron MVP Rotating Header Image

EMET 4.1 – Researchers share recommendations for improvement

As EMET 5.0 will improve endpoint security protection, Bromium Labs shared in a responsible disclosure highly advanced techniques that could work around this protective agent.  The research report can be found in this thread: 

http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/

http://bromiumlabs.files.wordpress.com/2014/02/bypassing-emet-4-1.pdf

QUOTE: We found that EMET was very good at stopping pre-existing memory corruption attacks (a type of hacker exploit).  But we wondered: is it possible for a slightly more technical attacker to bypass the protections offered in EMET?  And yes, we found ways to bypass all of the protections in EMET.  We provide our full technical whitepaper here: [Bypassing EMET 4.1].  We provided our research to Microsoft before speaking about these problems publically.  We also provided recommendations to upgrade the protections where possible.

Comments are closed.