Slashdot Mirror


Complete Microsoft EMET Bypass Developed

msm1267 writes "Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Principal security researcher Jared DeMott is delivering a presentation at the Security BSides conference explaining how the company's researchers were able to bypass all of the memory protections offered within the free Windows toolkit. The work is significant given that Microsoft has been quick to urge customers to install and run EMET as a temporary mitigation against zero-day exploits targeting memory vulnerabilities in Windows or Internet Explorer. The exploit bypasses all of EMET's mitigations, unlike previous bypasses that were able to beat only certain aspects of the tool. Researchers took a real-world IE exploit and tweaked it until they had a complete bypass of EMET's ROP, heap spray, SEHOP, ASLR, and DEP mitigations."

2 of 116 comments

  1. Architecturally Insecure by jacobsm · Score: -1, Troll

    Windows, any version, is architecturally insecure. While it can be patched, you're never going to be able to completely eliminate the insecurities. Does Microsoft have a system integrity statement like this? I highly doubt it.

    IBM’s commitment includes design and development practices intended to prevent unauthorized application programs, subsystems, and users from bypassing z/OS security – that is, to prevent them from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation. Specifically, z/OS “System Integrity” is defined as the inability of any program not authorized by a mechanism under the installation’s control to circumvent or disable store or fetch protection, access a resource protected by the z/OS Security Server (RACF®), or obtain control in an authorized state; that is, in supervisor state, with a protection key less than eight (8), or Authorized Program Facility (APF) authorized. In the event that an IBM System Integrity problem is reported, IBM will always take action to resolve it

    1. Re:Architecturally Insecure by guruevi · Score: -1, Troll

      It's been a red herring since the introduction of the myth and remains a red herring until this day. Microsoft products are simply insecure because they're closed source and suffer from a lack of interest in fixing the issues.

      Linux and Mac have been making great strides on a much larger number of platforms; most computers these days don't even run Microsoft products anymore but a variation of Linux (servers, 99% of non-Apple ARM devices) or BSD (all Apple products, servers responsible for the infrastructure of the Internet) WITHOUT any virus scanners. You can't even get a Windows computer on the net without a virus scanner; it will be exploited before you can apply the latest patches.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com