Archive for the ‘EMET’ Category

Security Advisory 3010060 released

October 21st, 2014

Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file.

As part of this Security Advisory, we have included an easy, one-click Fix it solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems.

The Enhanced Mitigation Experience Toolkit (EMET) also helps to defend against this cyberattack when configured to work with Microsoft Office software. The necessary configuration steps for EMET are provided in the "Suggested Actions" section of the Security Advisory.

We also encourage you to follow the "Protect Your Computer" guidance by enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. In addition, we recommend that individuals avoid clicking suspicious links, or opening email messages from unfamiliar senders. More information can be found at www.microsoft.com/protect.

We continue to work on a security update to address this cyberattack. We're monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.

Tracey Pretorius
Director, Response Communications

General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0

July 31st, 2014

Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit (EMET) 5.0. EMET is a free tool designed to help customers with their defense-in-depth strategies against cyberattacks by helping block and terminate the most common techniques adversaries might use in compromising systems. EMET 5.0 further helps to protect with two new mitigations, and with new capabilities that give customers additional flexibility in their deployments.

EMET helps to protect systems, even before new and undiscovered threats are formally addressed by security updates and antimalware software.

This is what some customers have said about EMET:

“EMET is not a policy-changing tool, but it might just be that additional piece of security software that is worth investing in.” – Wolfgang Kandek, Qualys, Windows EMET Tool Guards Against Java Exploits, 2014

“(The Java- and plugin-blocking feature should) effectively stymie most of the historical attack methods related to Java and Flash. Those two applications have historically caused a lot of heartburn for security teams.” – Andrew Storms, CloudPassage, Windows EMET Tool Guards Against Java Exploits, 2014

Let’s take a look at some of the key new capabilities in EMET 5.0:

Two new mitigations further expand EMET protections

Enhanced with the feedback that we received from EMET 5.0 technical preview participants, two new mitigations become generally available today.

First, the new Attack Surface Reduction (ASR) mitigation provides a mechanism to help block specific modules or plug-ins within an application, in certain conditions. For example, customers can now configure EMET to prevent their browser from loading Java plug-ins on external websites, while still continuing to allow Java plug-ins on their internal company websites.

Second, the brand new Export Address Table Filtering Plus (EAF+) mitigation introduces two new methods for helping disrupt advanced attacks. For example, EAF+ adds a new “page guard” protection to help prevent memory read operations, which are commonly used as information leaks to build exploits.

Also, with 5.0, four EMET mitigations become available on 64-bit platforms. You can read more on that and find a deep dive of all the new features on our Security Research and Defense (SRD) Blog.

New configuration options deliver additional flexibility

EMET 5.0 offers new user interface (UI) options so that customers can configure how each mitigation applies to applications in their environment, taking into account their enterprise frameworks and requirements. For example, users can configure which specific memory addresses to protect with the HeapSpray Allocation mitigation using EMET 5.0. We continue to provide smart defaults for many of the most common applications used by our customers.

Many enterprise IT professionals deploy EMET through Microsoft System Center Configuration Manager and apply Group Policies in Windows Active Directory to comply with enterprise account, user, and role policies. With version 5.0, propagating EMET configuration changes via Group Policy becomes even easier, as we have improved how EMET handles configuration changes when they are applied in an enterprise network.

The new Microsoft EMET Service is another feature our enterprise customers will find helpful in monitoring status and logs of any suspicious activity. With this new service, our customers can use industry standard processes, such as Server Manager Dashboard of Windows Server, for monitoring.

Additionally, with EMET 5.0, we have improved the Certificate Trust feature, allowing users to turn on a setting that blocks navigation to websites with untrusted, fraudulent certificates, helping protect against man-in-the-middle attacks.

New default settings provide protections from the get-go

EMET’s Deep Hooks capability helps protect the interactions between an application and the operating system. In EMET 5.0, Deep Hooks is turned on by default, helping provide stronger protections by default. Furthermore, this default setting is now compatible with a wider range of productivity, security and business software.

Since we released EMET 5.0 Technical Preview in February this year, our customers and the community have shown strong interest. Through user forums and Microsoft Premier Support Services, which assists enterprise EMET users, we received valuable feedback to shape the product roadmap ahead.

Along the same lines, we invite you to download EMET 5.0 and let us know what you think.

Protect your enterprise. Deploy EMET today.

Thanks,

Chris Betz
Senior Director, MSRC

Categories: EMET, Mitigations

Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview

February 25th, 2014

I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps customers increase the effort attackers must make to compromise a computer system.

I’m happy to announce the public release of the EMET 5.0 Technical Preview today from the RSA exhibit hall.

During last night’s RSA reception, conference attendees got a sneak preview of EMET 5.0 as demonstrated by Jonathan Ness, Chengyun Chu, Elia Florio and Elias Bachaalany from our EMET engineering team. If you missed it, we’ll have our EMET engineering team here all week at RSA demonstrating the current version of EMET 4.1, as well as the EMET 5.0 Technical Preview, at the Microsoft Booth (number 3005).

EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and can help protect the computer by diverting, terminating, blocking and invalidating those actions and techniques. In recent 0-days, EMET has been an effective mitigation against memory corruption. Having EMET installed and configured on computers meant that the computers were protected from those attacks.

EMET 5.0 Technical Preview adds new protections for enterprises on top of the 12 built-in security mitigations included in version 4.1. For instance, the new Attack Surface Reduction mitigation allows enterprises to better protect third-party and custom-built applications by selectively enabling Java, Adobe Flash Player and Microsoft or third-party plug-ins. At the Security Research and Defense blog, our engineering team provides a deep dive blog post on EMET 5.0 Technical Preview.

Since the first release of EMET in 2009, our customers and the security community have adopted EMET and provided us with valuable feedback. Your feedback both in forums and through Microsoft Premier Support Services, which provides enterprise support for EMET, has helped shape the new EMET capabilities to further expand the range of scenarios it addresses.

The same goes for EMET 5.0 Technical Preview. As we march towards the final release of EMET 5.0, we would like to invite you to download the EMET 5.0 Technical Preview at microsoft.com/emet to deploy in your test environments. Your feedback is valuable in shaping our roadmap. Please let us know what you think.

Finally, if you’re at the RSA Conference, please stop by our booth and share your feedback with Jonathan, Chengyun, Elia and Elias. We’d like to hear from you!

Thanks,
Chris Betz
Senior Director
Microsoft Security Response Center (MSRC)

Categories: Announcements, EMET