VIENNA, Austria, October 28, 2014 /PRNewswire/ --
The EMET (Enhanced Mitigation Experience Toolkit) tool developed
by Microsoft (NASDAQ: MSFT) makes it possible for administrators
and end users to retroactively equip applications with additional
protection mechanisms. This enhanced protection is intended to
prevent various attack techniques that are currently used by cyber
attackers.
Security expert René Freingruber of the SEC Consult
Vulnerability Lab has developed numerous methods to get around the
basic protection mechanisms of EMET in all currently available
versions [1]. If a cyber attacker were to use these new bypass
methods, serious attacks could be carried out. A software product
protected with EMET as a workaround affected by a critical zero-day
vulnerability could, for example, fall under the control of
attackers.
Microsoft was informed of this by SEC Consult and is working on
an improvement to the protection methods.
The experts of the SEC Consult Vulnerability Lab advise you to
not view EMET as an unbeatable protection measure, because the tool
can definitely be bypassed with the help of newly discovered
methods.
SEC Consult considers it as necessary for software manufacturers
to make the development of applications more secure and to
regularly test their software extensively for application
security.
[1] SEC Consult Proof of Concept Video:
http://youtu.be/TuBQnvnKKHY
For more information, please contact:
Johannes Greil, MSc
Head of SEC Consult Vulnerability Lab
Tel.: +43-1-890-30-43-0
mailto: research@sec-consult.com
SOURCE SEC Consult