Seems like Microsoft really is taking security seriously these days! What with it releasing some amazing security tools like MiniFuzz, BinScope and Microsoft Security Essentials. Again, Microsoft has released EMET or the Enhanced Mitigation Evaluation Toolkit which helps you harden application without actually recoding them.
EMET activates specific protection mechanisms in compiled binaries. IT supports both 32 bit & 64 bit as well. It is currently able to prevent four attack techniques. They are:
- SEHOP (Structured Error Handling Overwrite Protection) : This mitigation technique performs Structured Exception Handling (SEH) chain validation and breaks SEH overwrite exploitation techniques.
- Dynamic DEP (Dynamic Data Execution Prevention) : This memory protection mitigation technique makes it more difficult to an attacker to exploit memory corruption vulnerabilities by marking portions of a process’ memory non-executable.
- NULL page allocation : This mitigation method blocks attackers from being able to take advantage of NULL references in user mode by allocating the first page of memory before the program starts.
- Heap Spray Allocation : This mitigation is designed to pre-allocate a common set of memory addresses and thus block common attacks that filling a process’ heap with specially crafted content by means of a shellcode.
This application needs no installation. You simply need to copy the files from the zip to a location of your using. Once EMET has been installed it needs to be configured to protect specific processes. So, if you are not familiar with the specific needs of an application, better not do anything with it. Microsoft also clearly states that this toolkit needs expert handling. It has been tested working with 32 bit: Windows XP, Server 2003, Vista, Server 2008 and Windows 7 & 64 bit: Vista and Windows 7 and Windows 2008 R.
Download the version 1.0.2 here.
Related External Links
The Enhanced Mitigation Evaluation Toolkit, Enhanced Mitigation Evaluation Toolkit
You must log in to post a comment.