Major exploit found in Microsoft’s EMET anti-malware utility

Security researchers have found a new exploit affecting Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). The flaw has since been fixed by a patch released on February 2, but there are concerns that a large proportion of users might have skipped this update because of its focus on minor compatibility tweaks.

EMET is a utility that’s meant to prevent exploits from being used, which makes these findings all the more impactful. It seems that hackers have found a way to remove the protections offered by the tool by using one of its own legitimate functions, according to a report from PC World.

The utility applies security techniques like Address Space Layout Randomization and Data Execution Prevention to individual applications, which is particularly important for legacy software that was created without these protections. Given that this exploit can disable EMET completely, rather than targeting individual techniques, the exploit is a rather flexible tool for those with criminal intentions.

Crucially, it’s understood that the exploit is capable of targeting three supported versions of EMET — 5.0, 5.1 and 5.2 — as well as outdated iterations like 4.1. The patch distributed earlier this month renders users who are running 5.5 safe, and it’s strongly recommended that others install the update as soon as possible.
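A fleet check built from the version list above, as an added example that is not part of the original article: it sorts hosts in an inventory export by whether their EMET version is one the article names as affected. The CSV layout, hostnames and version strings are constructed, and treating every pre-5.0 release like 4.1 is an assumption.

```python
import csv
import io
from collections import defaultdict

AFFECTED_SUPPORTED = {(5, 0), (5, 1), (5, 2)}  # supported versions the article names
FIXED = (5, 5)                                  # release the article says fixes this bypass

# Constructed sample inventory export; hostnames and version strings are made up.
SAMPLE_INVENTORY = """host,emet_version
ws-001,5.5.0.0
ws-002,5.2.0.1
ws-003,4.1
ws-004,
ws-005,5.1
ws-006,EMET 5.0
ws-007,unknown
"""

def parse_version(raw):
    """Return (major, minor), or None if the field cannot be parsed."""
    text = raw.strip().lower().removeprefix("emet").strip()
    parts = text.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        return None
    return int(parts[0]), int(parts[1])

def classify(raw):
    """Map one inventory field to an audit status."""
    if not raw.strip():
        return "not-installed"
    version = parse_version(raw)
    if version is None:
        return "unparseable"          # needs a manual check, never assumed safe
    if version >= FIXED:
        return "fixed-for-this-bypass"
    if version in AFFECTED_SUPPORTED:
        return "affected-supported"
    if version < (5, 0):
        return "affected-outdated"    # assumption: all pre-5.0 releases, like 4.1
    return "below-5.5-unlisted"

def audit(inventory_csv):
    """Group hostnames by status."""
    report = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row["emet_version"] or "")].append(row["host"])
    return dict(report)

def hosts_to_update(report):
    """Hosts that should move to 5.5, plus those needing manual review."""
    keys = ("affected-supported", "affected-outdated", "below-5.5-unlisted", "unparseable")
    return sorted(h for k in keys for h in report.get(k, []))
```

The "fixed-for-this-bypass" status covers only the unload-function issue described here; it makes no claim about other EMET bypasses.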

The exploit itself takes advantage of a portion of code within EMET that unloads the tool whenever deemed necessary, disabling the protections it offers. An attacker just needs to locate and call this function to do so whenever it is convenient for their purposes.

A blog post published by FireEye, the organization that uncovered the exploit, notes that EMET was conceived as a method of raising the cost of exploit development by complicating the process. As such, it’s of little surprise that criminals are eager to remove it from the equation.

While the flaw has now been patched, it still represents a liability so long as there are users running versions of EMET other than 5.5. Even so, according to FireEye’s Abdulellah Alsaheel and Raghav Pande, the issue is still cause for concern.

“This bypass was first addressed with the EMET 5.5 beta back in October 2015, however an EMET 5.5 bypass now exists as well,” wrote the pair in email correspondence with Digital Trends. “It is possible that an exploit author could add these bypasses to an existing exploit within just a few days.

“Completely aside from these, there exists an in-the-wild exploit which uses different tactics altogether to evade EMET, that works on all versions of EMET — even 5.5 — so there should always be some level of concern that a malicious entity could be exploiting something.”

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…