Secure Your PC with Microsoft EMET - Enhanced Mitigation Experience Toolkit

June 6, 2014
Unclaimed Prize and Browser Vulnerabilities at Pwn2Own 2014

During the Pwn2Own 2014 hacking contest, a single cash reward remained unclaimed. While successful exploits were demonstrated against all leading web browsers, the $150,000 grand prize for compromising Internet Explorer 11, when protected by EMET, proved unattainable for the participating hackers.

The Role of EMET in Security

EMET (Enhanced Mitigation Experience Toolkit) is a Microsoft security tool designed to provide an additional layer of defense. It is primarily aimed at system administrators, but can be readily deployed by individual Windows users.

The toolkit allows users to activate several security enhancements with minimal technical expertise. This is particularly valuable for bolstering the security of older, potentially vulnerable systems.

Securing Legacy Systems

Notably, EMET can be utilized to enhance the security posture of outdated operating systems, such as Windows XP, which no longer receive official security updates. This provides a crucial safeguard against emerging threats.

EMET's Evolution and Current Status

It is important to note that EMET has since been discontinued by Microsoft. However, its functionality has been integrated directly into Windows 10 as Exploit Protection.

This built-in feature offers similar protections, ensuring that Windows 10 users benefit from the advancements originally pioneered by EMET.

Enhancing Application Security Rapidly

To bolster your system's defenses, obtain and install the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft. During installation, choosing "Use Recommended Settings" will activate pre-configured protections for frequently targeted applications.

These include programs such as Internet Explorer, Microsoft Office, Adobe Reader, and the potentially vulnerable Java plug-in.

Launching and Configuring EMET

Initiate the EMET graphical user interface (GUI) either from your Start menu or Start screen. Locate and click the "Import" button situated in the upper-left corner of the application window.

Select the "Popular Software.xml" file, which is included with the EMET installation. Importing this file will integrate additional security rules.

Expanding Protection to Third-Party Applications

These rules are designed to provide enhanced security for a range of popular third-party programs. This includes applications like Firefox, Chrome, Skype, iTunes, Photoshop, Thunderbird, Opera, Google Talk, Pidgin, VLC, WinRAR, and 7-Zip.

Reviewing Installed Rules

The rules currently applied to your system can be viewed by selecting the "Apps" button. This button is found under the "Configuration" section within the ribbon at the top of the EMET window.

Following these steps will significantly improve your computer’s security posture. The sections below cover how EMET works and how to create custom rules, for those interested.

How Does EMET Function?

Microsoft’s commitment to security significantly increased with the release of Windows XP SP2, which began adding security capabilities that applications could use. For instance, Data Execution Prevention (DEP) lets the operating system mark specific memory areas as non-executable. If an attacker exploits a buffer overflow vulnerability in an application and attempts to execute code from a memory region marked as data, the operating system will prevent its execution.

Address Space Layout Randomization (ASLR) further enhances security by randomizing the memory locations of applications and system libraries. This prevents attackers from crafting dependable exploits reliant on precise code addresses. These represent only a fraction of the security features available in contemporary Windows versions, bolstering system protection against exploitation even when vulnerabilities are discovered.

These features are activated by default for Windows’ core system processes. Application developers also have the option to enable them for their software. However, default activation for all programs is not implemented, as compatibility issues can arise, particularly with older applications.

To maintain broad compatibility, Windows operates applications without these security enhancements unless explicitly requested by the program itself.

EMET offers a mechanism to activate DEP, ASLR, and other security measures for applications that haven't specifically requested them. Its exclusion from standard Windows features stems from the potential for program incompatibility and the challenges in troubleshooting such issues for average users.
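
The opt-in described above is recorded in each executable's PE header as bits in the DllCharacteristics field. The following added example (not from the original article) reads those bits to list the mitigations a binary never requested, which makes it a candidate for an EMET rule; the function names and the constructed sample headers are this example's own.

```python
import struct
import sys

# DllCharacteristics bits defined in the PE/COFF specification.
FLAGS = {
    "DYNAMIC_BASE": 0x0040,     # image opted in to ASLR
    "NX_COMPAT": 0x0100,        # image opted in to DEP
}

def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word from the start of a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    opt = pe_off + 24            # 4-byte signature + 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or opt + 72 > len(data):
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # The field sits at offset 70 of the optional header in both formats.
    return struct.unpack_from("<H", data, opt + 70)[0]

def missing_opt_ins(data: bytes) -> list:
    """Mitigations the binary did not request for itself."""
    bits = dll_characteristics(data)
    wanted = (("DEP", "NX_COMPAT"), ("ASLR", "DYNAMIC_BASE"))
    return [name for name, flag in wanted if not bits & FLAGS[flag]]

def make_sample(dll_chars: int, pe32_plus: bool = False) -> bytes:
    """Constructed header-only sample for the demo (not a runnable program)."""
    size = 0xF0 if pe32_plus else 0xE0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C,
                       0, 0, 0, 0, size, 0x0002)
    opt = bytearray(size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for path in sys.argv[1:]:            # e.g. the .exe files of an old application
        with open(path, "rb") as fh:
            head = fh.read(4096)         # headers sit at the start of the file
        try:
            print(path, missing_opt_ins(head) or "opted in to DEP and ASLR")
        except ValueError as err:
            print(path, "skipped:", err)
```

A binary reported here is one whose behaviour changes when DEP or ASLR is forced on, so it is the one to test for compatibility first.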

Strengthening Security for Individual Applications

The Enhanced Mitigation Experience Toolkit (EMET) empowers users to activate additional security measures independently. Selecting "Maximum security" from the Quick Profile Name dropdown, for instance, will globally enable Data Execution Prevention (DEP) and Structured Exception Handler Overwrite Protection (SEHOP) for applications that haven't explicitly disabled these features.

Users also have the flexibility to adjust the overarching system settings within the System Status section, tailoring the security posture to their specific needs.

To fortify a particular application, locate it within the running processes list and choose "Configure Process" from the right-click menu. This allows for the implementation of diverse rules designed to enhance its security.

Detailed technical explanations of each security feature are readily available within EMET's built-in help documentation, accessible via Help > User Guide.

These protective measures are not activated by default due to potential compatibility issues with some applications. Should an application malfunction after enabling a feature, revisit EMET and disable the relevant security setting to restore functionality.

If a system-wide change causes problems, either revert the setting or create a specific exception for the affected application.

Administrators can leverage EMET to evaluate application compatibility, export successful rule sets, and then import them onto other EMET-enabled computers for streamlined deployment.

The Export and Export Selected options facilitate the sharing of customized security rules.

Ideally, the functionalities offered by EMET will be integrated into future iterations of Windows as standard security provisions. Microsoft could then deliver pre-configured rules that function effectively and receive automatic updates, mirroring their current approach with EMET and commonly used third-party applications.
