Slashdot Mirror


Microsoft Extends EMET End of Life Date (itnews.com.au)

An anonymous reader writes: Microsoft will continue to support and provide security patches for its Enhanced Mitigation Experience Toolkit security software for Windows until July 31 2018, after taking customer feedback into account. EMET is a security utility software popular with enterprise customers running supported versions of Windows. It uses mitigation techniques to block attackers from exploiting vulnerabilities in software. The company's lead program manager for operating system security, Jeffrey Sutherland, said while EMET 5.5x will continue to be supported for another 18 months after the original end of life date of January next year, Microsoft recommended customers migrate to Windows 10 for improved security.

32 comments

  1. M-O-U-S-E by Anonymous Coward · · Score: 0

    Ta-da!

  2. "Software" is a mass noun by Anonymous Coward · · Score: 0

    > EMET is a security utility software

    No, it's not. It's a program, or a software suite, etc. There's no such thing as "a software".

  3. Quite a Name by chipschap · · Score: 0

    "Enhanced Mitigation Experience" ?

    Have to hand it to the marketing guys, computer security is a "mitigation" "experience" that Microsoft has "enhanced."

    1. Re:Quite a Name by Anonymous Coward · · Score: 0

      > Have to hand it to the marketing guys, computer security is a "mitigation" "experience" that Microsoft has "enhanced."

      I find Microsoft very EMETic.

    2. Re: Quite a Name by Anonymous Coward · · Score: 0

      EMET doesn't add any new features; it just provides a GUI for mitigation techniques built into the OS. EMET does provide an enhanced experience versus editing the registry.

    3. Re: Quite a Name by Anonymous Coward · · Score: 0

      "Mitigation Techniques" built into the OS ?

      EMET should be renamed MS Bug Protector or MS Exploit Protector.
      Better would be MS Zero Day Shield.
      EMET does mitigate exploits on unknown bugs, but the word Experience on EMET is not needed.

    4. Re:Quite a Name by Anonymous Coward · · Score: 0

      Anything with the word "experience" in its name is marketing driven bullshit that has no real value.

    5. Re:Quite a Name by nine-times · · Score: 1

      It's from the same company that brought you "Windows Genuine Advantage", the purpose of which had nothing to do with being "genuine", and was in no way advantageous. (In case you're not familiar, the purpose of WGA was to detect whether your licensing was in order, and if not, break Windows.)

  4. Let me get this straight. by techno-vampire · · Score: 2, Interesting

    EMET doesn't block malware from exploiting vulnerabilities, it tries to prevent malware from doing any damage after it gets through. If so, that's not at all unreasonable. You can't ever block all possible holes; at best, you can block the ones you know about, but you can add an extra layer of protection to the programs and files that malware targets. If so, that even gives you a little bit of protection against zero day exploits, because it doesn't do crackers any good to get in if they can't steal or corrupt your data.

    --
    Good, inexpensive web hosting

    1. Re:Let me get this straight. by Anonymous Coward · · Score: 0

      > EMET doesn't block malware from exploiting vulnerabilities,

      It tries to do just this.

      > it tries to prevent malware from doing any damage after it gets through.

      It doesn't try to do this. For this you have things like separation kernels, application white lists, and hopefully a solid permission system and off-line backups. Home users can get practical access to only a small part of those. The sad state of security continues.

    2. Re:Let me get this straight. by johnfordparm · · Score: 1

      Good to hear

    3. Re:Let me get this straight. by Anonymous Coward · · Score: 0

      EMET doesn't protect you from damages.
      Take for instance Trojans, worms or Key-loggers. The damages of these types, which were intentionally installed by users, won't be blocked by EMET, but by Antivirus software.

    4. Re:Let me get this straight. by jbmartin6 · · Score: 1

      Not sure why you say this. EMET is explicitly designed to prevent the exploitation of vulnerabilities, and can't do anything about damages if one is exploited.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.

    5. Re:Let me get this straight. by EndlessNameless · · Score: 2

      I have no idea why this was modded up when it is so obviously wrong.

      If you understand how the product works (at a level that allows you to configure it properly), you know that it is doing exactly that. It prevents malware from exploiting existing vulnerabilities. This protection can be applied to Windows itself as well as 3rd-party applications.

      As with any security hardening, there is a substantial risk of compatibility issues. Testing and policy exclusions will be necessary in any real production environment.

      And lest there be an argument:

      "The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited."

      From the actual EMET support page at https://support.microsoft.com/... (which took half a second to google)

      --
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.

  5. Windows 7 by Anonymous Coward · · Score: 0, Interesting

    How about listening to users and extending Windows 7 support even longer, and perhaps un-crippling the Windows Update service on that platform?

    Windows 7 gained more new users than Windows 10 in last two months

    1. Re:Windows 7 by Anonymous Coward · · Score: 0

      The same argument was made over Windows XP, and the answer is still the same. Support ain't free. Microsoft already supports their operating systems far longer than both Apple and Google do. If you want to keep using their software past the date that they promised, you're free to do so, but you have to negotiate a support contract with them. That seems like a fair deal.

    2. Re: Windows 7 by Anonymous Coward · · Score: 0

      That's a great idea. I wonder how much a Kickstarter would need to raise (20 million? 50? 100?) for a collective extended support contract for Win7 for all participants? We'd need to form a Corporation to get Microsoft's attention, I expect, but their stockholders would demand they respond, right?

  6. after taking customer feedback into account by Anonymous Coward · · Score: 0

    you mean your marketing people said it would be a good PR move to keep it around in light of all the hacks and break-ins even though the product itself is nearly worthless, it's still good PR.

    if microsoft actually took "customer feedback into account"... they never would have released vista, or 8, or 10; xp and 7 each would have had TWENTY year lifespans, as would office 97 and 2010.

    AND.. there would be..
    no telemetry/spying bullshit; no forced or "highly encouraged" push to online accounts or cloud services, no such thing as software 'activation', no forced windows/office updates (all user configurable like the good old days), internet explorer never would have existed... etc etc etc.

    1. Re:after taking customer feedback into account by sexconker · · Score: 2

      EMET isn't worthless. It's good for forcing protections on sloppy shit and for enforcing certificate pinning.
      You have to actively configure EMET for it to actually do anything worthwhile, though.

    2. Re: after taking customer feedback into account by Anonymous Coward · · Score: 0

      No. That's if they took Slashdot users' concerns to heart. The rest of everyone doesn't think that way.

  7. How about just FIXING THE BUGS by Anonymous Coward · · Score: 0

    Just more bandaids that don't fix the problem.

    A "mitigation" is something done until the bug is FIXED.

    Not something that should be permanent. That just means the BUG is still there.

    1. Re:How about just FIXING THE BUGS by EndlessNameless · · Score: 1

      A mitigation offers protection against unpatched and unknown bugs.

      This is especially important because most bugs are known for a significant period of time before a patch can be written and tested by the vendor. Even if Microsoft discovers a bug itself and patches it before CVE publication, it is still possible for an outside entity to have discovered and exploited that bug beforehand.

      Also, some attackers are reverse engineering patches to develop malware. In most enterprises there is a noticeable gap between patch release and 100% deployment. Mitigations offered by EMET, IPS, antivirus, etc are crucial during this testing/rollout window.

      --
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.

    2. Re:How about just FIXING THE BUGS by edtice1559 · · Score: 2

      The purpose of EMET is not to prevent exploitation of vulnerabilities in Microsoft software. It's for helping you deal with third-party software that doesn't have its own mitigation techniques built in. Microsoft updated all of its software years ago to enable everything that's in EMET. The reason for dropping EMET is that adversaries have gotten quite good at getting around the EMET protections. The recommendation is to move to Windows 10 where you get much better protection without the need to use EMET. Stack cookies, control flow guard, delayed memory freeing, et cetera. You're never going to fix every bug, so you need mitigation techniques. It's just that EMET is long in the tooth and it's time to update the counter-measures.

  8. Re:Win10 can't have all EMET protections by Anonymous Coward · · Score: 0

    Perhaps they are relying more on Defender in the future? Why would such an announcement be made, unless EMET 6.x ceases to be compatible with earlier Windows versions or the EMET product is discontinued, or the functionality integrated into Defender? Compatibility issues alone make integration of the present EMET directly into Windows a really difficult proposition.

  9. Nothing new by OneHundredAndTen · · Score: 1

    Just another EMETic product from Microsoft. They excel at that.

  10. Rootkit Revealer by Anonymous Coward · · Score: 0

    bring it back from the dead. you continue to ship it alone and within the free offering of SysInternals Suite. Development ceased years ago, yet you still distribute it! please bring back development of this important tool!

    1. Re: Rootkit Revealer by Anonymous Coward · · Score: 0

      Sorry. It made it too easy to reveal state sponsored rootkits and they didn't like that!

  11. What's EMET? by Anonymous Coward · · Score: 0

    Is it the word you write on the forehead of a golem to make it come alive?

  12. Re:Win10 can't have all EMET protections by Anonymous Coward · · Score: 0

    If you use EMET's built in protection functions, lots of software, Microsoft applications even, stop working.

    It's a horribly designed POS.

  13. Intel "CET" protection @ CPU level by Anonymous Coward · · Score: 0

    Stack smashing protection in the CPU itself (not overwritable iirc) vs. Return Oriented Programming "fishing around" to defeat ASLR protections I noted https://news.slashdot.org/comm... that I read about a while back...

    ASLR is only a "delaying action" @ best when they chain a few asm 'hunters' together & start testing for where in memory a program or OS using it is placing call stacks 'randomly'.

    Software protections FAIL here eventually due to said "fishing". Hardware mirrors won't & imo will be READ ONLY to software.

    I heard tell INTEL has "CET" ready to build to do this in their next-gen CPU's & good for them - put those out already!

    * Imo, that'd work & be a great layer of protection in the CPU itself (vs. software protections) via "shadow stacks"... & iirc, it's NOT implemented in CPUs yet. It should be.

    APK

    P.S.=> It'd stop TONS of "buffer overflow" type exploits as well as overriding function call tables in memory (which reminds me in a way of overriding jump tables which 'old-school' .exe infection viruses did) etc.... apk