Microsoft Security Tool Helps Slam The Door On Attacks, Says Researcher


The latest version of Microsoft's EMET addresses man-in-the-middle attacks by enabling administrators to closely validate digitally signed SSL/TLS certificates, according to Microsoft. Software engineers also added capabilities to help thwart attackers from bypassing Data Execution Prvention using an exploit that relies on return-oriented programming. Some of the mitigations in the toolkit were added from Microsoft's BlueHat Prize submissions in 2012.

The BlueHat contest was designed to reward software engineers for building new defensive mechanisms that can be applied to legacy software. Katie Moussouris, senior security strategist at Microsoft, recently confirmed to CRN that Microsoft is in the planning stages of BlueHat v2.0. Future entrants should stay tuned for developments on the MSRC and Ecostrat blogs, Moussouris said.

Microsoft said it has made its EMET tool much easier to deploy and is encouraging administrators to give it a try. For example, no source code is needed to implement Data Execution Prevention, making it easier to deploy mitigations on software that was written before the defensive technology was made available.

Administrators can use group policy or System Center Configuration manager to deploy EMET. It also has a graphical user interface to configure mitigations so it is consistent regardless of the underlying platform. "There is no need to locate up and decipher registry keys or run platform-dependent utilities," Microsoft said.

The minimum requirements in EMET 4 beta are Windows XP Service Pack 3 and above for client operating systems and Windows Server 2003 Service Pack 1 and above for servers.

No tool is a silver bullet, say security experts. Vulnerability management needs to be part of an organization's security program regardless of whether the EMET tool is used or not, said Wolfgang Kandek, CTO of vulnerability management vendor Qualys.

"Most of the malware that is being installed on workstations do a lot of credential-stealing and it's getting on systems by exploiting a known flaw or zero-day vulnerability," Kandek said. "There's no single tool that can defend against all attacks and no appliance that can secure your environment alone."

PUBLISHED APRIL 23, 2013