This article is more than 1 year old

Microsoft gives EMET divine powers to repel God Mode attack

Redmond's defence toolkit gets a good-to-have upgrade

Microsoft has released an update to its Enhanced Mitigation Experience Toolkit (EMET) that kills off an attack known as God Mode and improves Windows' defensive capabilities.

The toolkit is designed to better protect Windows systems by diverting, terminating, and blocking the most common attacks. It hardens legacy applications and supports defensive techniques including structured Exception Handler Overwrite Protection, Data Execution Prevention, and Mandatory Address Space Layout Randomisation.

EMET version 5.2 includes three new and updated elements including Attack Surface Reduction which sports improved configuration to stop attempts to run the VBScript extension when loaded in the Internet Explorer's Internet Zone.

Redmond says this update kills the 'VBScript God Mode' exploitation technique used in "recent" attacks.

The toolkit now supports alerting and reporting from Internet Explorer with Enhanced Protected Mode mode enabled.

The final improvement includes Control Flow Guard for native DLLs such as EMET.DLL recently introduced into Microsoft Visual Studio 2015.

The feature is supported by Windows 8.1 and Windows 10 and helps stop code hijacking.

Microsoft "strongly urges" developers to use the technology.

EMET is a dynamic tool that follows a cycle of being bypassed by researchers and subsequently improved by Redmond. It is credited with increasing the cost of attacks against Windows systems from version 7 to 10. ®

More about


Send us news

Other stories you might like