Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Microsoft EMET 5.2 is available SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft EMET 5.2 is available

Microsoft has announced a new release of the Enhanced Mitigation Experience Toolkit (EMET) 5.2.

The main the main changes and improvements as the following:

  • Control Flow Guard: EMET’s native DLLs have been compiled with Control Flow Guard (CFG). CFG is a new feature introduced in Visual Studio 2015 (and supported by Windows 8.1 and Windows 10) that helps detect and stop attempts of code hijacking. EMET native DLLs (i.e. EMET.DLL) are injected into the application process EMET protects. Since we strongly encourage 3rd party developers to recompile their application to take advantage of this very latest security technology, we have compiled EMET with CFG.
  • Enhanced Protected Mode/Modern IE: EMET now fully supports alerting and reporting from Modern Internet Explorer, or Desktop IE with Enhanced Protected Mode mode enabled.
  • VBScript in Attack Surface Reduction: the configuration for the Attack Surface Reduction (ASR) mitigation has been improved to stop attempts to run the VBScript extension when loaded in the Internet Explorer's Internet Zone. This would mitigate the exploitation technique known as “VBScript God Mode” observed in recent attacks

========================================================================

1- http://blogs.technet.com/b/srd/archive/2015/03/12/emet-5-2-is-available.aspx

2- https://technet.microsoft.com/en-us/security/jj653751

 Basil

60 Posts
ISC Handler
Mar 13th 2015
Subscribe Mar 13th 2015
5 years ago
Emet 5.2 seems a bit unstable currently. The default settings cause IE 11 to stop working when loading a web page (including isc.sans.edu). No problems observed with Firefox. However, I'm still rolling back to 5.1 for now.
 James

2 Posts
Quote Mar 13th 2015
5 years ago
https://social.technet.microsoft.com/Forums/en-US/e46d951e-d8b1-4357-88d2-23f376bd3160/emet-52-breaks-internet-explorer-11?forum=emet

breaks ie11 for win8.1
 Mallory Bobalice

28 Posts
Quote Mar 14th 2015
5 years ago
MS quietly updated EMET 5.2 for the IE issues:
(see update note at bottom of this TechNet page) http://blogs.technet.com/b/srd/archive/2015/03/12/emet-5-2-is-available.aspx

Woody Leonhard was my initial source for the update info:
http://www.infoworld.com/article/2897642/operating-systems/microsoft-re-releases-emet-5-2-fixing-problems-while-running-under-windows-8-1.html
 FTWMike

24 Posts
Quote Mar 21st 2015
5 years ago

Sign Up for Free or Log In to start participating in the conversation!