Major exploit found in Microsoft’s EMET anti-malware utility

microsoft headquarters
Albertus Engbers/123rf
Security researchers have found a new exploit affecting Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). The breach has since been amended by a patch released on February 2, but there are concerns that a large proportion of users might have opted out of this update as a result of its focus on minor compatibility tweaks.

EMET is a utility that’s meant to prevent exploits being used, which of course makes these findings all the more impactful. It seems that hackers have found a way to remove the protections being offered up by the tool by using one of its own legitimate functions, according to a report from PC World.

The utility serves to implement security techniques like Address Space Layout Randomization and Data Execution Prevention to individual applications, which is particularly important for legacy software that was created without access to these processes. Given that this exploit can disable EMET completely, rather than targeting individual techniques, it’s a rather flexible tool for those with criminal intentions.

Crucially, it’s understood that the exploit is capable of targeting three supported versions of EMET — 5.0, 5.1 and 5.2 — as well as outdated iterations like 4.1. The patch distributed earlier this month renders users who are running 5.5 safe, and it’s strongly recommended that others install the update as soon as possible.

The exploit itself takes advantage of a portion of code within EMET that unloads the tool whenever deemed necessary, disabling the protections it offers up. Hackers just need to locate and call this function to do so whenever it is convenient for their purposes.

A blog post published by FireEye, the organization that uncovered the exploit, notes that EMET was conceived as a method of raising the cost of exploit development by complicating the process. As such, it’s of little surprise that criminals are eager to remove it from the equation.

While the breach has now been taken care of, it still represents a liability so long as there are users out there using versions of EMET other than 5.5. However, according to FireEye’s Abdulellah Alsaheel and Raghav Pande, this issue is still cause for concern.

“This bypass was first addressed with the EMET 5.5 beta back in October 2015, however an EMET 5.5 bypass now exists as well,” wrote the pair in email correspondence with Digital Trends. “It is possible that an exploit author could add these bypasses to an existing exploit within just a few days.

“Completely aside from these, there exists an in-the-wild exploit which uses different tactics altogether to evade EMET, that works on all versions of EMET — even 5.5 — so there should always be some level of concern that a malicious entity could be exploiting something.”


Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Social Media

New Zealand attacks show that as A.I. filters get smarter, so do violators

The shootings in Christchurch, New Zealand were livestreamed to social media, and while stats show networks are improving at removing offending videos, as the system improves, so do the violators' workarounds.

These are the 6 best -- and free -- antivirus apps to help protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.

Here are the 5 of the best antivirus solutions for your small business

Getting your business off the ground is hard enough, and dealing with viruses, hackers, and security breaches only makes it harder. These 5 antivirus solutions can help keep you protected.

Teens using Google Docs as the modern version of passing notes in class

Google Docs is reportedly being used by teens as a secret communications app. Instead of passing notes, students are now using the software's live chat function or comment boxes to talk with their friends while in the middle of classes.
Emerging Tech

A.I.-generated text is supercharging fake news. This is how we fight back

A new A.I. tool is reportedly able to spot passages of text written by algorithm. Here's why similar systems might prove essential in a world of fake news created by smart machines.

HP’s Omen Mindframe headset keeps your ears chill, but might leave you lukewarm

The Omen Mindframe headset uses HP's FrostCap technology to keep ears cool during long gaming sections. While it delivers on keeping ears cool, it forgets some of the essentials of a quality gaming headset.

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.

Here’s how you can watch today’s Nvidia GTC 2019 keynote live

Nvidia's rumored 7nm Ampere graphics could debut soon. The company will be kicking off its GPU Technology conference at 2 p.m. PT today, Monday, March 18, and you can watch the opening keynote here.

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.

There’s more space on MySpace after ‘accidental’ wipe of 50 million songs

MySpace is no longer a safe refuge for music and media produced in the 2000s. It said that almost any artistic content uploaded to the site between 2003 and 2015 may have been lost as part of a server migration last year.

HP’s spring sale cuts prices on the 15-inch Spectre x360 by $270

Looking for a new laptop to start off the spring season? HP has you covered and is currently running a sale that is cutting $270 off the price of the 15-inch touchscreen variant of its Spectre X360 Windows 10 convertible laptop. 

Intel and Facebook team up to give Cooper Lake an artificial intelligence boost

Intel's upcoming Cooper Lake microarchitecture will be getting a boost when it comes to artificial intelligence processes, thanks to a partnership with Facebook. The results are CPUs that are able to work faster.

Dodge the cryptojackers with the best torrent clients available today

Looking for the best torrent clients to help you share all of that wonderful legal content you own? Here's a list of our favorite torrent clients, all packed with great features while dodging malware and adverts.