Enhanced Mitigation Experience Toolkit (EMET)
The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent attackers from gaining access to computer systems.
- EMET anticipates the most common attack techniques attackers might use to exploit vulnerabilities in computer systems, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques.
- EMET protects computers even before new and undiscovered threats are addressed by security updates and antimalware software.
- It helps enterprises and all PC users by protecting against security threats and privacy breaches that can disrupt businesses and daily lives.
- Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them, and consequently users are faced with a stream of security updates.
- For users who get attacked before the latest updates have been applied or who get attacked before an update is even available in cases such as zero day attacks, the results can be devastating: malware infections, loss of Personally Identifiable Information (PII), loss of business data, etc.
Security mitigation technologies:
Are designed to make more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows customers to leverage these security mitigation technologies onto their systems that provide several unique benefits:
- No source code needed: Several of the available mitigations (such as Data Execution Prevention) have required for an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt-in applications without recompilation. This is especially useful for deploying mitigations on software that was written before the mitigations were available, and when source code is not available.
- Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.
- Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder to hackers to exploit vulnerabilities in the legacy software.
- Helps verifying SSL certificates trust while surfing websites: Since incidents concerning Certificate Authorities allowing the creation of fraudulent SSL certificates to perform man-in-the middle attacks are becoming a recurrent problem, EMET offers the possibility to enforce a set of pinning rules that can verify SSL certificates of specified domains against their issuing Root CA (configurable certificate pinning).
Ease of use:
The policy for system wide mitigations can be seen and configured with EMET’s graphical user interface, the command line tool or via Group Policy. There is no need to locate and decipher registry keys, or run platform dependent utilities. With EMET it is possible to adjust settings with a consistent interface regardless of the underlying platform.
EMET is a living tool designed to be updated as new mitigation technologies become available.
This provides a chance to try out and benefit from cutting edge mitigations.
The release cycle for EMET is also not tied to any product.
EMET updates can be made dynamically as soon as new mitigations are ready.
The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques.
These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent systems from being compromised by many of the exploits currently in use.
The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.
How to contact EMET Team:
Microsoft welcomes your comments regarding this privacy statement.
If you have questions about this statement or believe that we have not adhered to it, please contact us by e-mailing emet_feedback @ microsoft.com.
· If you have a technical or general support question, please visit http://support.microsoft.com/ to learn more about Microsoft Support offerings.
· For privacy questions, please contact us by e-mailing emet_feedback @ microsoft.com.
Microsoft EMET, One Microsoft Way, Redmond, Washington 98052 USA • 425-882-8080
To find the Microsoft subsidiary in your country or region, see http://www.microsoft.com/worldwide/.