Microsoft Antimalware ‘EMET’ is Vulnerable to Hacking Attacks From Within
Microsoft often swears by its Enhanced Mitigation Experience Toolkit (EMET) to protect businesses and users from malware, but two researchers have found that EMET has a serious security vulnerability which could allow hackers to turn the antimalware software against itself.
Earlier this week researchers at FireEye revealed that earlier versions of EMET have a key security weakness which allows hackers to use the free security tool to disable itself. Security specialists Abdulellah Alsaheel and Raghav Pande discovered that the portion of EMET’s code which is responsible for unloading the software can be used to disable EMET entirely, making the antimalware software completely useless.
They also revealed that they have been working with Microsoft ahead of the launch of EMET version 5.5 this month to create a patch that closes this security hole. Thus, the vulnerability cannot be exploited in the newest version of EMET, but older versions, including 5.0, 5.1 and 5.2, which Microsoft still supports, are not safe. In addition to this patch, EMET 5.5 adds support for Windows 10 and a host of other improvements and mitigations.
The researchers and Microsoft have urged users to upgrade to the latest version of EMET. According to Microsoft, EMET works by anticipating “the most common actions and techniques adversaries might use in compromising a computer, and help protect by diverting, terminating, blocking, and invalidating those actions and techniques.”
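Since the fix only ships in EMET 5.5 and later, the practical first step for an administrator is to find out which version is installed on each machine. The following PowerShell script is an added example, not code from the article, FireEye or Microsoft; it assumes that EMET registers a standard Uninstall entry whose DisplayName contains "EMET" and whose DisplayVersion is a dotted version string, and it flags anything below 5.5 for upgrade.

```powershell
# Added example (not from the article): inventory check for EMET installs older than 5.5.
# Assumption: EMET's Uninstall registry entry has a DisplayName containing "EMET"
# and a DisplayVersion such as "5.2.5546.0" (labelled as an assumption, not verified here).
$FixedVersion = [version]'5.5'   # first release that contains the patch, per the article

function Get-EmetInstall {
    # Walk both the native and the 32-bit (WOW6432Node) Uninstall hives.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*EMET*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Test-EmetVersion {
    param([string]$DisplayVersion)
    # Returns $true when the installed build is at or above the patched release.
    # [version] comparison is numeric per component, so "5.10" sorts above "5.5".
    try { return ([version]$DisplayVersion) -ge $FixedVersion }
    catch { return $false }   # unparseable version string: treat as needing review
}

foreach ($emet in Get-EmetInstall) {
    if (Test-EmetVersion $emet.DisplayVersion) {
        "$($emet.DisplayName) $($emet.DisplayVersion): patched release (5.5 or later)"
    } else {
        "$($emet.DisplayName) $($emet.DisplayVersion): older than 5.5, upgrade recommended"
    }
}
```

Run it under an account that can read HKLM on the target host; for fleet-wide checks, wrap the two functions in Invoke-Command against a list of computers.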
Additionally, EMET can protect against some zero-day vulnerabilities, though not all. Thus, EMET can “detect and block exploitation techniques that are commonly used to exploit memory corruption vulnerabilities” but on its own cannot provide full security. The free tool is meant only as an additional barrier against malware attacks, not a replacement for other defenses.
The fact that several versions of EMET could be bypassed or disabled by attackers has been known for several years. In 2014, researchers at Bromium Labs showed that they had found a way to bypass EMET 4.1. Despite this, EMET remains a popular tool for Microsoft users, especially because Microsoft provides the software for free.