Microsoft Enhanced Mitigation Experience Toolkit (EMET) 4.1 Technical Review - Part 1

Posted by Ahmed Nabil

Microsoft Enhanced Mitigation Experience Toolkit (EMET) is, from my point of view, a must-have tool for any security professional as well as for normal users, helping protect them from unknown vulnerabilities, the so-called zero-day attacks. EMET tries to stop and prevent malicious code from running; however, this doesn't mean the vulnerability is fixed. You still need to check with the software or OS vendor for the latest updates and patches. In this series of blog posts, I will try to cover EMET installation and configuration for home users and for enterprise customers using Group Policy, plus some tips and tricks, especially for 3rd-party applications.

EMET provides multiple mitigations such as Data Execution Prevention (DEP), Structured Exception Handler Overwrite Protection (SEHOP), Null Page Allocation, ASLR, and other well-known mitigation techniques.

One of my favorites is Certificate Chain Trust, where EMET runs while you connect to an HTTPS site and validates the other end's SSL certificate and the Root Certification Authority (CA) that issued it against the corresponding pinning rule configured by the user. This is very beneficial for detecting man-in-the-middle attacks.
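A simplified model of that pin check, as an added example that is not from the original post and is not EMET's own code. The hostnames, rule table and certificate bytes are constructed, and identifying a root CA by its SHA-256 thumbprint is an assumption of this sketch.

```python
import hashlib

# Constructed stand-ins for encoded root CA certificates (not real certificates).
ROOT_A = b"constructed-root-CA-A"
ROOT_B = b"constructed-root-CA-B"


def thumbprint(cert_bytes):
    """SHA-256 thumbprint used here to identify a certificate (sketch assumption)."""
    return hashlib.sha256(cert_bytes).hexdigest()


# Hypothetical user-configured pin rules: hostname -> set of allowed root CA thumbprints.
PIN_RULES = {
    "login.example.test": {thumbprint(ROOT_A)},
}


def check_pin(hostname, chain):
    """Compare the root of a chain (leaf first, root last) with the host's pin rule.

    The chain is assumed to have already passed normal trust-store validation,
    so a 'mismatch' means: trusted by the OS, but not issued under the pinned root.
    Returns 'no-rule', 'match' or 'mismatch'.
    """
    allowed = PIN_RULES.get(hostname.lower().rstrip("."))
    if allowed is None:
        return "no-rule"          # unpinned hosts are not checked at all
    if not chain:
        return "mismatch"         # nothing to compare: treat as a failed pin
    return "match" if thumbprint(chain[-1]) in allowed else "mismatch"


def audit(connections):
    """Return (hostname, verdict) for every pinned connection that failed its rule."""
    return [(host, "mismatch") for host, chain in connections
            if check_pin(host, chain) == "mismatch"]


# Constructed sample connections: (hostname, certificate chain as bytes).
SAMPLE = [
    ("login.example.test", [b"leaf-1", ROOT_A]),   # expected root
    ("login.example.test", [b"leaf-2", ROOT_B]),   # valid chain, unexpected root
    ("other.example.test", [b"leaf-3", ROOT_B]),   # no pin rule configured
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE):
        print(f"pin rule violated for {host}: {verdict}")
```

The second sample connection is the case pinning exists for: the chain would pass ordinary validation, yet it is flagged because its root differs from the one the user pinned for that host.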

The latest public version is EMET 4.1, released in December 2013. It can be downloaded from http://www.microsoft.com/en-eg/download/details.aspx?id=41138

EMET 5.0 was released for preview a couple of days ago and is available for testing and customer feedback; the final release should come sometime this year. For more info, check this link: https://blogs.technet.com/b/srd/archive/2014/02/25/announcing-emet-5-0-technical-preview.aspx


EMET 4.1 requirements:


  1. .NET Framework 4
  2. For Windows 8 and IE 10 protection, you need to have KB2790907

Installation steps for standalone users:

  1. EMET installation is straightforward: just a few Next clicks and you are done.
  2. The final screen of the EMET installation is where you choose between the Recommended settings and manual settings. For now we will choose Recommended settings.
  3. If you want to get back to this configuration wizard after installing EMET, click the Wizard button on the EMET home screen.


 

The bottom of the EMET main page shows the running processes. Since EMET's default configuration enables protection for Microsoft Internet Explorer, when I opened Internet Explorer to browse the Internet it was listed among the running processes with a green check mark, confirming that EMET is enabled on it.


In the next blog post I will explain deployment and configuration using Group Policy for enterprise customers and organizations. See you all then, and in the meantime try installing EMET with the default configuration and play around with it.