Slashdot Mirror


Attackers Can Turn Microsoft's Exploit Defense Tool EMET Against Itself (csoonline.com)

itwbennett writes: FireEye researchers have found a way for exploits to trigger a specific function in EMET that disables all protections it enforces for other applications. The researchers believe that their new technique, which essentially uses EMET against itself, is more reliable and easier to use than any previously published bypasses. It works against all supported versions of EMET — 5.0, 5.1 and 5.2 — but Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. So if you haven't upgraded yet, now would be a good time to do it. For more about how the technique works, read FireEye's blog post.


  1. Monty Pythonesque by Virtucon · Score: 2

    The tool that prevents hacking has been hacked...

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  2. HUGE patch download! by DoofusOfDeath · Score: 3, Funny

    For the convenience of Microsoft's customers, the patch for the EMET exploit will also provide a FREE upgrade to Windows 10!

    1. Re:HUGE patch download! by Virtucon · Score: 3, Funny

      with ask.com as your default home page and chrome as your browser? Win!

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
  3. WTF, Microsoft? by EndlessNameless · Score: 5, Insightful

    EMET is a baseline requirement if you are focused at all on security.

    As with any security measure, it can cause issues with applications. Because of this, sane people are conservative in deploying new versions.

    The notes on the EMET 5.5 release and download pages mention this vulnerability nowhere.

    A critical flaw in a security tool is a very important thing to know about. This information should be prominent and obvious.

    I even checked the user guide in case it is buried somewhere, and there is not a hint of security-related bugfixes in there either.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    1. Re:WTF, Microsoft? by gstoddart · Score: 2, Insightful

      Because of this, sane people are conservative in deploying new versions.

      Yeah, well, the problem with "new versions" of anything from Microsoft these days is they go to great lengths to not tell you what updates actually contain ... they all just say "this fixes issues with Windows", don't highlight that "well, we're really installing telemetry and other shit to force you to Windows 10". You have to go to great pains to find out what an update actually contains (for instance you can't read anything on their site without being redirected through live.com and other crap).

      Trusting Microsoft to be honest and forthright with what they're doing these days is increasingly more difficult ... so you'll pardon me if them not fessing up to the issue doesn't come as a surprise.

      Microsoft has more or less decided they don't give a crap about consumers, and they're going to do whatever they choose. Hopefully they start to realize just how much they're pissing off users these days.

      --
      Lost at C:>. Found at C.