Microsoft Extends EMET End of Life Date (itnews.com.au)
An anonymous reader writes: Microsoft will continue to support and provide security patches for its Enhanced Mitigation Experience Toolkit security software for Windows until July 31, 2018, after taking customer feedback into account. EMET is a security utility software popular with enterprise customers running supported versions of Windows. It uses mitigation techniques to block attackers from exploiting vulnerabilities in software. The company's lead program manager for operating system security, Jeffrey Sutherland, said while EMET 5.5x will continue to be supported for another 18 months after the original end of life date of January next year, Microsoft recommended customers migrate to Windows 10 for improved security.
EMET doesn't block malware from exploiting vulnerabilities, it tries to prevent malware from doing any damage after it gets through. If so, that's not at all unreasonable. You can't ever block all possible holes; at best, you can block the ones you know about, but you can add an extra layer of protection to the programs and files that malware targets. If so, that even gives you a little bit of protection against zero day exploits, because it doesn't do crackers any good to get in if they can't steal or corrupt your data.
EMET isn't worthless. It's good for forcing protections on sloppy shit and for enforcing certificate pinning.
You have to actively configure EMET for it to actually do anything worthwhile, though.
Just another EMETic product from Microsoft. They excel at that.
It's from the same company that brought you "Windows Genuine Advantage", the purpose of which had nothing to do with being "genuine", and was in no way advantageous. (In case you're not familiar, the purpose of WGA was to detect whether your licensing was in order, and if not, break Windows.)
A mitigation offers protection against unpatched and unknown bugs.
This is especially important because most bugs are known for a significant period of time before a patch can be written and tested by the vendor. Even if Microsoft discovers a bug itself and patches it before CVE publication, it is still possible for an outside entity to have discovered and exploited that bug beforehand.
Also, some attackers are reverse engineering patches to develop malware. In most enterprises there is a noticeable gap between patch release and 100% deployment. Mitigations offered by EMET, IPS, antivirus, etc. are crucial during this testing/rollout window.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
The purpose of EMET is not to prevent exploitation of vulnerabilities in Microsoft software. It's for helping you deal with third-party software that doesn't have its own mitigation techniques built in. Microsoft has updated all of its software years ago to enable everything that's in EMET. The reason for dropping EMET is that adversaries have gotten quite good at getting around the EMET protections. The recommendation is to move to Windows 10 where you get much better protection without the need to use EMET. Stack cookies, control flow guard, delayed memory freeing, et cetera. You're never going to fix every bug, so you need mitigation techniques. It's just that EMET is long in the tooth and it's time to update the counter-measures.