EMET v4 released in beta
A new version of the Enhanced Mitigation Experience Toolkit (EMET), 4.0, is now in beta. EMET applies preventive mitigations to protect applications from attacks that exploit software flaws and alter the flow of code execution. It helps protect applications, including against 0day exploits that use ROP to bypass DEP and ASLR. The new version adds a number of features for detecting various exploitation and application-compromise scenarios.
The distribution can be downloaded here. Installing EMET requires the .NET Framework 4.
New v4 features
SSL/TLS Certificate Trust features
Additional features for managing SSL/TLS certificates for Internet Explorer and for creating special rules. The ability to detect man-in-the-middle (MITM) attacks that use third-party certificates (Root CA certificates can be filtered based on the Key Size and Allowed Country options).
Strengthened mitigations, blocking bypasses
Includes new capabilities for blocking exploits that use new variants of ROP (anti-EMET). In particular, several new handlers were added for the kernelbase!VirtualAlloc and ntdll!NtAllocateVirtualMemory functions; without them, the ROP mitigation could be bypassed. The “Banned API” feature blocks the DEP and ASLR bypass technique that uses ntdll!LdrHotPatchRoutine.
Audit Mode
Allows you to disable termination of an EMET-protected process in which an exploitation attempt was detected (termination is the default).
More information about EMET settings and what they mean is available here (v3.5).
The official release of EMET v4.0 is expected May 14, 2013.