Microsoft implements EMET in Redstone 3

Status
Not open for further replies.

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598


Enhanced Mitigation Experience Toolkits (EMET) are known to provide both application and system protection in Windows by looking inside the operating system and searching for security exploits. According to Microsoft, it also helps “protect against new and undiscovered threats even before they are formally addressed through security updates or antimalware software.” While an EMET toolkit is available as a separate download, reports show Microsoft is apparently planning to build EMET security tools into the Windows 10 Fall Creators Update.

Fueling the report is a tweet from Alex Ionescu, who describes himself as a “Windows Internals Expert, Security Ninja, and Embedded ARM Kernel Guru.” Ionescu provides a screenshot in his tweet, showing that EMET is built into the kernel of the Windows 10 Fall Creators Update. Interestingly, two security researchers from Microsoft’s Research team also picked up and retweeted the tweet, perhaps further suggesting that the feature is indeed coming to RS3.

Though it seems a bit technical, here is a bit more on EMET, as detailed by Microsoft. Microsoft’s EMET toolkit works on Windows 10, Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, and Windows Vista.

The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

It’s not exactly clear which build Alex Ionescu was running, but we reached out to him for a comment. As the WannaCrypt attacks showed, we live in a time when cyber attacks, malware, adware, and security exploits are ever more common. While not official, it is still fitting to hear that Microsoft is perhaps making moves to make Windows 10 more secure. We will be keeping an eye on this, so be sure to stay tuned for more.

Update: We received a response back from Alex Ionescu. He tells us that all Windows builds have a kernel, and it’s always the same as the build of the OS. The mentioned changes are new to build 16125.

Source
https://www.onmsft.com/news/microso...ecurity-tools-into-windows-10-with-redstone-3
 

ncage

Level 3
Verified
May 20, 2017
103
> Enhanced Mitigation Experience Toolkits (EMET) are known to provide both application and system protection in Windows by looking inside the operating system and searching for security exploits

Great news, though the author of the article needs to get his facts straight :). EMET does not look inside the OS and search for exploits. It sounds like it's a scanning service, which it is not. It just protects processes from common exploitation vectors like ROP attacks or forcing a program to use ASLR so it's harder to find in memory.

I'm curious, if they are integrating it, if they will have some form of GUI for it. If they don't, that means either they are going to enforce it, which means there is going to be a lot of broken software, or it will only work on system services / programs, which would be a shame because anything not developed by Microsoft would be more vulnerable by default (Chrome vs Edge).
 

Deleted member 178

> Well I know that it is definitely not in the cards for basic Windows 10 systems like Pro, Home etc. but wouldn't it be something of a windfall for security if they also threw Device Guard in the works too.
I think it will be for home users as well: Process Mitigation Management Tool

> I'm curious if they are integrating it in if they will have some form of GUI for it. If they don't that means either they are going to enforce it which means there is going to be a lot of broken software or it will only work on system services / programs which would be a shame because anything not developed by Microsoft would be more vulnerable by default (chrome vs edge).

I believe it will be integrated into Windows Defender Security Center, and seems to have options for the user to select.
 

BoraMurdar

> I'm curious if they are integrating it in if they will have some form of GUI for it. If they don't that means either they are going to enforce it which means there is going to be a lot of broken software or it will only work on system services / programs which would be a shame because anything not developed by Microsoft would be more vulnerable by default (chrome vs edge).

I am not sure, but knowing Microsoft and their philosophy, I think the main components will have the ability to be turned on/off. Anything more than that will be left out of sight of the average user, like MS did with Windows Defender in Windows 10. (There are only a few options you can control from the Windows Defender Security Center, but if you go to GPE you will find a lot of fine-tuning options.)
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Here's a screenshot
[Image: DDhiCYnXUAAHPwm.jpg]


Really excited about "Force randomization for images". In the past, no matter what I would do, I could not force processes to do so that didn't support /DYNAMICBASE.
I wonder how well this will work with MBAE, whether it makes it redundant or whether they complement each other.
 
Reactions: ZeroDay and SHvFl
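
An added example, not part of the thread and not a Microsoft tool: a header check that tells whether an image was linked with /DYNAMICBASE, the case the post above hopes "Force randomization for images" will cover. The flag values come from the PE/COFF specification; the three verdict labels and the `make_sample` helper are this example's own.

```python
import struct

# Bit values from the PE/COFF specification.
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no base relocations
HIGH_ENTROPY_VA = 0x0020   # DllCharacteristics
DYNAMIC_BASE = 0x0040      # DllCharacteristics, set by /DYNAMICBASE
NX_COMPAT = 0x0100         # DllCharacteristics

def aslr_status(image: bytes) -> dict:
    """Classify a PE image by its ASLR-related header bits.
    The three verdict labels are this example's own wording."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    opt = pe + 24                                        # optional header start
    if image[pe:pe + 4] != b"PE\0\0" or opt + 72 > len(image):
        raise ValueError("bad PE signature or truncated headers")
    (coff_chars,) = struct.unpack_from("<H", image, pe + 22)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    if coff_chars & RELOCS_STRIPPED:
        verdict = "not-relocatable"   # must load at its preferred base
    elif dll_chars & DYNAMIC_BASE:
        verdict = "opt-in"            # randomized without any forcing
    else:
        verdict = "needs-forcing"     # has relocations, never opted in
    return {"verdict": verdict,
            "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
            "nx_compat": bool(dll_chars & NX_COMPAT)}

def make_sample(dll_chars: int, coff_chars: int = 0x0002) -> bytes:
    """Constructed input: only the header fields the parser reads."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)              # e_lfanew -> 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 22, coff_chars)
    struct.pack_into("<H", buf, 0x40 + 24, 0x20B)        # PE32+
    struct.pack_into("<H", buf, 0x40 + 24 + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                            # audit real files
        with open(path, "rb") as fh:
            print(path, aslr_status(fh.read()))
```

Images reported as `needs-forcing` are the ones a forced-randomization setting would change; `not-relocatable` images carry no relocation data, so they cannot be rebased.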

509322

> Here's a screenshot
>
> Really excited about "Force randomization for images". In the past, no matter what I would do, I could not force processes to do so that didn't support /DYNAMICBASE.
> I wonder how well this will work with MBAE, whether it makes it redundant or whether they complement each other.

Microsoft has not officially stated that it will be made available on Windows 10 Home. Until Microsoft states that, then I would not count chickens before the eggs hatch.
 

DeepWeb

> Microsoft has not officially stated that it will be made available on Windows 10 Home. Until Microsoft states that, then I would not count chickens before the eggs hatch.

Now that you mention it. :( Well I hope it will be available for Pro at least.
 
Reactions: SHvFl

509322

> Now that you mention it. :( Well I hope it will be available for Pro at least.

There is a linked video somewhere. In the discussion there is an indirect reference to Pro. The rest of the video is explicitly Enterprise\Education.
 
Reactions: ZeroDay