388497775100610057orig
Security

Widespread exploits evade protections enforced by Microsoft EMET

It's bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits.

Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus (EAF+). The exploits have been recently added to the Angler exploit kit.

Angler is one of the most widely used attack tools used by cybercriminals to launch Web-based, "drive-by" download attacks. It is capable of installing malware by exploiting vulnerabilities in users' browsers or browser plug-ins when they visit compromised websites or view maliciously crafted ads.

"The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion," the FireEye researchers said Monday in a blog post.

First released in 2009, EMET can enforce modern exploit mitigation mechanisms for third-party applications -- especially legacy ones -- that were built without them. This makes it much harder for attackers to exploit vulnerabilities in those programs in order to compromise computers.

While EMET is often recommended as a defense layer for zero-day exploits -- exploits for previously unknown vulnerabilities -- it also gives companies some leeway when it comes to how fast they patch known flaws.

In corporate environments, the deployment of patching does not happen automatically. Patches for the OS or stand-alone programs need to be prioritized, tested and only then pushed to computers, a process that can substantially delay their installation.

With widespread exploits now able to evade EMET mitigations, the tool should no longer be relied on to protect old versions of applications like Flash Player, Adobe Reader, Silverlight or Java until a company can update them.

Unfortunately, organizations are sometimes forced to keep old versions of browser plug-ins and other applications installed on endpoint computers in order to maintain compatibility with custom-made internal Web applications that haven't been rewritten in years.

"Applications such as Adobe Flash, web browsers, and Oracle Java should be patched routinely, prioritizing critical patches, or removed if possible," the FireEye researchers said. "Because the Web browser plays an important role in the infection process, disabling browser plugins for Flash or Silverlight may also reduce the browser attack surface."

IDG Insider

PREVIOUS ARTICLE

« Gigabyte just showed an eGPU with Thunderbolt/USB-C for easier laptop external graphics

NEXT ARTICLE

IDG Connect research suggests much security spending often sees little success »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?