Microsoft's EMET 5.0 blocks vulnerable plugins
Microsoft has unveiled Enhanced Mitigation Experience Toolkit 5.0 (EMET), a free security tool which uses a variety of techniques to block common software exploits.
The update adds a new mitigation, Attack Surface Reduction (ASR), which prevents an application from running specific modules or plug-ins.
As an example, EMET 5.0 is configured to prevent Word, Excel and PowerPoint from loading the Flash plugin. This is very easy to do yourself -- go to Apps > Show All Settings > ASR, and add Flash.OCX to your chosen application -- and can be further tweaked for any other program, module or DLL you like.
Other improvements include Export Address Table Filtering Plus, an extension to the existing EAF mitigation which makes it even more difficult for an attacker to exploit common Windows structures.
Return Oriented Processing (ROP) mitigations can now protect 64-bit processes. Microsoft says it’s not detected ROP being used for 64-bit exploits, but at least they’re now prepared.
The previous EMET Agent has now been replaced by a Windows service ("Microsoft EMET Service"), which should improve reliability.
In addition, a range of general tweaks work to enhance EMET’s compatibility, reduce false positives, and better protect itself from attack.
Overall it’s a powerful and configurable tool which really can protect a PC from many zero-day threats. But you need to use it with care, at least initially: if (for example) you start blocking applications from using particular DLLs then it’s hard to predict what will happen.
Enhanced Mitigation Experience Toolkit 5.0 is available now for Windows Vista SP2 and later.