EMET 4.0 Enables Certificate Pinning to Defeat MITM Attacks

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Threat Post said:
Microsoft later this month will release a new version of its EMET protection tool, and this iteration will include a certificate pinning feature that will enable users to associate a specific certificate with a given certificate authority. The feature is designed a defense against man-in-the-middle attacks that use forged certificates to redirect users or intercept protected traffic.

EMET is a toolkit designed specifically to help prevent certain kinds of exploits from working on protected applications. For example, users can deploy EMET to get the advantages of DEP or ASLR in applications that were not compiled with those exploit mitigations enabled. The new version of EMET is due May 28 and is beta trim right now. The addition of certificate pinning is a significant one, although the feature only works by default when users are browsing with Internet Explorer.

Certificate pinning is a technique that can be used as a defense against attacks that take advantage of users’ trust in certificates and CAs, a trust that has been exploited many, many times in recent years. The compromises of Comodo, DigiNotar and other CAs have exposed the cracks in the CA infrastructure that have been there since its inception but rarely are noticed by anyone outside of the immediate vicinity. Attackers have discovered ways to issue fraudulent certificates to themselves for various important sites, notably Google, Mozilla, Yahoo and others.

Some of those attacks would not have been as damaging as they were if the users on the other end of the Web connection from the fake certificates had certificate pinning available. That defense would have allowed users to pin the Google SSL certificate to the Google Internet Authority, which issues the company’s legitimate certificates. EMET, which is meant as an enterprise tool, can help organizations fix that situation.

“EMET 4.0 comes with Certificate Trust enabled by default, including a set of pre-configured websites for the most common domains used by Microsoft online services; nevertheless, since we believe that certificate pinning is a useful tool to detect MITM attacks targeting any domain and not just Microsoft services, we designed Certificate Trust totally configurable, in order to allow any user to configure custom pinning rules that will be enforced when browsing the web with Internet Explorer,” Elia Florio of Microsoft wrote.

Read more: http://threatpost.com/microsoft-emet-4-0-enables-certificate-pinning-to-defeat-mitm-attacks/
 
N

Nige_40

It should be Interesting to see on how that works I've got EMet 3.0 and I'm looking forward to get 4.0 when it gets pushed out.
 

Seany007

New Member
Verified
May 3, 2013
36
Official release delayed by two weeks to May 28, 2013... Let's hope that they won't delay it for even longer...
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top