Even "EMET" is not infallible!!

[Venustus]

Content source

http://threatpost.com/latest-microsoft-100000-bounty-winner-bypasses-aslr-dep-mitigations/104328

LATEST MICROSOFT $100,000 BOUNTY WINNER BYPASSES ASLR, DEP MITIGATIONS

Yang Yu is no stranger to writing mitigation bypasses for Microsoft Windows products.
A year ago at the CanSecWest conference in Vancouver, the 35-year-old security researcher from Beijing did an extensive presentation on bypassing Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) without return-oriented programming. ASLR and DEP are memory protection and code execution mitigations native to the Windows operating system.

More

 

[Exterminator]

Congrats to Yang Yu! Think Microsoft would just hire the guy or at least buck up a little more cash.$100,000 to Microsoft is like me giving a bounty for $10.

 

[Shaun]

$10? who I gotta kill?

$10 gets you a lot of jelly beans

 

[Ink]

I like this guys quote: “I think vulnerabilities are like bullets, and mitigation bypass techniques are like guns,” Yu said. “Trying to stop so [many] bullets is never better than destroying the gun.”