Microsoft EMET blocks 'VBScript God Mode'
Microsoft has updated its exploit blocker Enhanced Mitigation Experience Toolkit (EMET) to version 5.2 with some welcome tweaks and enhancements.
The Attack Surface Reduction mitigation has been extended to stop processes running malicious scripts via IE’s script engine. That’s good news as it’s a particularly powerful hack, and the basic "VBScript God Mode" idea has been around for quite some time.
EMET now fully supports alerting and reporting (Event logs, system tray icon) from Modern Internet Explorer, and desktop IE with Enhanced Protected Mode enabled. We’re surprised it’s taken so long, but the delay has only been in reporting: the core protection technologies have always worked just fine.
The latest EMET also employs a brand new protection technique called Control Flow Guard (CFG), which detects and blocks attempts to hijack its code.
CFG is only useful when running on a "CFG-Aware" version of Windows -- which, right now, means Windows 8.1 or Windows 10 Technical Preview -- but the program will still run correctly on Windows 7 or later.
Enhanced Mitigation Experience Toolkit 5.2 is available for download now.