Microsoft Releases Enhanced Security Tool
The EMET 2 tool is designed to help developers improve application security, particularly for older programs
Microsoft released an updated version of a tool kit on 2 September to help developers make their applications more secure.
With the Enhanced Mitigation Experience Toolkit (EMET) 2, Microsoft said, developers can bring technologies such as dynamic data execution prevention to bear to improve security, particularly for older programs that cannot be recompiled to opt in to the security technologies.
The updated tool kit features a total of six mitigations, including two new ones: Export Address Table Access Filtering and Mandatory Address Space Layout Randomisation.
Legacy products
Export Address Table Access Filtering “is designed to break nearly all shellcode in use today” as it “blocks a common technique shellcode uses” to locate Windows APIs, Microsoft said on 5 August. The Mandatory Address Space Layout Randomisation mitigation works by “[forcing] modules to be loaded at randomised addresses for a target process regardless of the flags it was compiled with.”
“By deploying these mitigation technologies on legacy products, the tool can also help customers manage risk while they are in the process of transitioning over to modern, more secure products,” said a Microsoft Security Research & Defense post on 2 September. “In addition, it makes it easy for customers to test mitigations against any software and provide feedback on their experience to the vendor.”
Secunia security researchers revealed in a 1 July report that many application developers were not taking advantage of protections Microsoft put in place to prevent attacks. According to the Secunia report, many developers have improperly implemented Address Space Layout Randomisation in their programs. The report also found developers have done a poor job of implementing Microsoft’s DEP (Data Execution Prevention) protections as well.
“I applaud Microsoft for their continued release of tools such as this,” Forrester Research analyst Mike Gualtieri said. “Unfortunately, I think is mostly falls on deaf ears since most developers I speak with pay only lip service to the idea of more secure applications.”
Microsoft has published a video demonstration of using the tool that can be viewed here.