
Major exploit found in Microsoft’s EMET anti-malware utility

Security researchers have found a new exploit affecting Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). The flaw has since been fixed by a patch released on February 2, but there are concerns that a large proportion of users might have skipped this update because its release notes focused on minor compatibility tweaks.

EMET is a utility designed to stop exploits from working, which of course makes these findings all the more significant. According to a report from PC World, attackers have found a way to strip away the protections the tool provides by using one of its own legitimate functions.


The utility applies security techniques such as Address Space Layout Randomization and Data Execution Prevention to individual applications, which is particularly important for legacy software that was written without these protections. Because this exploit can disable EMET completely, rather than defeating individual techniques one at a time, it is a rather flexible tool for those with criminal intentions.

Crucially, it’s understood that the exploit is capable of targeting three supported versions of EMET — 5.0, 5.1 and 5.2 — as well as outdated iterations like 4.1. The patch distributed earlier this month renders users who are running 5.5 safe, and it’s strongly recommended that others install the update as soon as possible.

The exploit itself takes advantage of a portion of code within EMET that unloads the tool whenever deemed necessary, disabling the protections it offers up. Hackers just need to locate and call this function to do so whenever it is convenient for their purposes.

A blog post published by FireEye, the organization that uncovered the exploit, notes that EMET was conceived as a method of raising the cost of exploit development by complicating the process. As such, it’s of little surprise that criminals are eager to remove it from the equation.

While the bypass has now been patched, it still represents a liability so long as there are users running versions of EMET other than 5.5. Moreover, according to FireEye’s Abdulellah Alsaheel and Raghav Pande, even that does not put the issue to rest.

“This bypass was first addressed with the EMET 5.5 beta back in October 2015, however an EMET 5.5 bypass now exists as well,” wrote the pair in email correspondence with Digital Trends. “It is possible that an exploit author could add these bypasses to an existing exploit within just a few days.

“Completely aside from these, there exists an in-the-wild exploit which uses different tactics altogether to evade EMET, that works on all versions of EMET — even 5.5 — so there should always be some level of concern that a malicious entity could be exploiting something.”

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…