EMET 5.5 released

    Microsoft updated EMET to version 5.5 [ 1 , 2 , 3 , 4 , 5 , 6 ]. The new version of the tool can be said at this link . As we have already indicated in the beta information, a significant security feature called “Block Untrusted Fonts” was added to the tool to counter Local Privilege Escalation (LPE) exploits that are used by malware and RCE exploits to enhance their rights in the system. We are talking about protection against LPE exploits that use specially crafted font files to trigger vulnerabilities in the win32k.sys driver.

    image

    Unfortunately, the new feature is available only to users of Windows 10, because its implementation relies on new features of the OS kernel, available only in this one. EMET 5.5 is the first release version of the tool, which adds support for Windows 10.


    Fig. The “Block Untrusted Fonts” function is enabled for the entire system and will block attempts to load TTF files located outside the% windir% / fonts directory into the process memory.

    Also popular now: