Microsoft updates EMET exploit mitigation tool
Microsoft has released version 2.1 of its Enhanced Mitigation Experience Toolkit (EMET) hardening tool, which now offers the "Bottom-up Rand" mitigation feature. The new feature randomises the base address in memory of bottom-up memory allocations such as heaps and stacks. This stops exploits that depend on finding data at a fixed memory address from working.
The new version can now enable Export Address Filtering (EAF) for 64-bit processes. EAF prevents injected shellcode from accessing various APIs by filtering all accesses to the Export Address Table. Microsoft has also improved the Structured Exception Handler Overwrite Protection (SEHOP) feature and fixed several unspecified bugs in EMET 2.1.
Microsoft has also given its hardening tool the ability to import and export EMET settings and introduced command line parameters that allow EMET to be more conveniently deployed and configured via corporate networks. With the release of the new version, Microsoft is for the first time offering official program support. The company has set up a dedicated forum for this purpose.
EMET offers mitigation features for arbitrary applications without requiring source code access. On several occasions in the past, Microsoft has released instructions on the use of EMET to mitigate the potential effects of zero-day exploits. How EMET can be used to protect programs against attacks is explained in The H Security article "Damage limitation - Mitigating exploits with Microsoft's EMET". EMET is available to download from Microsoft's Download Center.