New
#1
A bit more about EMET from the Security Research and Defense blog: The Enhanced Mitigation Experience Toolkit 2.0 is Now Available
Read more:Microsoft and Adobe Systems have announced that a recently released Microsoft toolkit can be used to block zero-day attacks targeting a security flaw in Adobe's Acrobat and Reader programs.
In its advisory, Microsoft says the following:
"In order to enable EMET for Adobe Reader and Acrobat you have to install EMET and run the following simple command line as an Administrator. Please note the path to the Adobe Reader and Acrobat could be different in your system (especially if you are not using a 64 bit system).
C:\Program Files (x86)\EMET>emet_conf.exe --add "c:\program files (x86)\Adobe\Reader 9.0\Reader\acrord32.exe"
The changes you have made may require restarting one or more applications
Microsoft, Adobe: PDF security flaw treatable | Security - CNET News
A bit more about EMET from the Security Research and Defense blog: The Enhanced Mitigation Experience Toolkit 2.0 is Now Available
Microsoft's anti-exploit toolkit can help mitigate PDF zero-day attacks
Microsoft's anti-exploit toolkit can help mitigate PDF zero-day attacks | ZDNet
Microsoft is pushing its new Enhanced Mitigation Experience Toolkit (EMET) as a temporary mitigation for the ongoing attacks against a zero-day vulnerability in Adobe’s PDF Reader/Acrobat products.
The EMET utility, which effectively backports anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows, would force the relocation of non ASLR-aware DLLs in Adobe’s products.
Here is some more information on EMIT that I found...
Thanx for the link Corrine, I was wondering what it looked like...yes, I still need to put it in. When time permits....
Read more:EMET supports both 32- and 64-bit applications and activates specific protection mechanisms in compiled binaries. It adds the following mitigations to applications that do not support them natively:
- Structured Error Handling Overwrite Protection (SEHOP) prevents Structured Exception Handling (SEH) overwrite exploitation by performing SEH chain validation.
- Dynamic Data Execution Prevention marks portions of a process’s memory non-executable, making it difficult to exploit memory corruption vulnerabilities.
- NULL page allocation allocates the first page of memory before program initialization and blocks attackers from taking advantage of NULL references in user mode.
- Heap Spray Allocation pre-allocates memory addresses to block common attacks that fill a process’s heap with specially crafted content.
- Mandatory address space layout randomization (ASLR), as well as non-ASLR-aware modules on Windows Vista, Windows Server 2008 and Windows 7.
- Export address table (EAT) uses hardware breakpoints to filter access to the EAT of kernel32.dll and ntdll.dll, blocks access if the instruction pointer is not inside a module, and breaks current common metasploit shellcodes.
Microsoft's anti-exploit toolkit can help mitigate PDF zero-day attacks | ZDNet