Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: TechNet Blogs > Security Research & Defense > Announcing the upcoming

28 Jul 2010   #1

Win 7 Ultimate 64-bit. SP1.
TechNet Blogs > Security Research & Defense > Announcing the upcoming


TechNet Blogs > Security Research & Defense > Announcing the upcoming release of EMET v2

What is EMET?

In October 2009, we released a tool on this blog called EMET that provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited. It also responds to requests from customers to help manage risk in older, legacy products while they are in the process of transitioning over to modern, more secure products. Beyond that it makes it easy for customers to try mitigations against any software and provide feedback on their experience to the vendor.

What is new with version 2?

EMET sparked customer interest and based on the feedback that we received, we decided to release version 2 that includes more mitigations, a better interface, and a more robust infrastructure compared to the earlier version of EMET.

Our aim with this version is to provide an innovative solution that helps customers manage risk and minimize disruption in their environment. This is reflected in our goals for the release:

  • Leverage the tool for vulnerabilities under active exploitation to help customers prevent themselves from being exploited.
  • Give customers the ability to use newer mitigation technologies to help protect older applications that cannot be recompiled to opt into them.
  • Provide a central interface to make it easier for users to manage both system and application mitigations.

These new goals increase the scope of EMET significantly from version 1. As a result, the old definition of EMET (Enhanced Mitigation Evaluation Toolkit) is no longer a good fit. With version 2, we are changing the EMET acronym to stand for Enhanced Mitigation Experience Toolkit to reflect this.

How can I benefit from it?

While EMET can be used by anybody, it is primarily targeted at protecting applications on machines that are at high risk for attack. Good examples include line of business applications on backend servers and browsers on the desktops of corporate executives. These are scenarios where an application compromise could be particularly damaging.

As with most software, deploying this tool will likely involve an individual, such as an IT professional, testing to ensure that EMET works smoothly with applications where the mitigations are desired (like line of business applications and 3rd party products). Once in place, EMET will be transparent to the end user.

That said of course EMET is also ideal for any security savvy user wishing to harden the apps they use against possible exploitation. Developers and security professionals can also use it as a convenient way to try out security mitigations.

Can you give an example where mitigations have helped in the past?

During the Aurora outbreak back in January 2010, Data Execution Prevention and Address Space Layout Randomization (two types of mitigation technologies) played an important in blocking known attacks. You can find more information on these SRD blog posts IE Vulnerability Risk Accessment and DEP and the New IE Vulnerability
More -
Announcing the upcoming release of EMET v2 - Security Research & Defense - Site Home - TechNet Blogs

My System SpecsSystem Spec

 TechNet Blogs > Security Research & Defense > Announcing the upcoming

Thread Tools

Similar help and support threads
Thread Forum
DMCA rules updated to give security experts legal backing to research
Read more: US DMCA rules updated to give security experts legal backing to research | ZDNet
Upcoming change to release schedule for non-security Office updates
Source: Upcoming change to the release schedule for non-security updates | Office Updates
Windows 7, No Security Barriers, Just Defense in Depth
Source - Windows 7, No Security Barriers, Just Defense in Depth Mitigations - Protecting users is a top priority, says Pete LePage - Softpedia
Upcoming Action Center Changes for Security Vendor Soft

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 18:22.
Twitter Facebook Google+