Microsoft's malware mitigator refreshed, but even Redmond says it's no longer needed

EMET 5.5 is upon us, complete with Windows 10 support

Microsoft's enhanced mitigation toolkit (EMET) has been updated with support for Windows 10, but the company says you don't really need to download it any more.

The defence tool is Microsoft's way of re-enforcing Windows versions from Vista to 8.1. Available since 2009, the tool has introduced the latest mitigation techniques to stymie common attacks including address space layout randomisation and data execution prevention.

Version 5.5, released this week, adds official support for Windows 10 (although previous versions did support the operating system).

Over time security technologies have been copied from EMET and baked into Windows, alongside many other security improvements, making it a less critical feature than in previous years.

"[It] helps enterprises better protect their Windows clients by providing an interface to manage built-in Windows security mitigations while also providing additional features meant to disrupt known attack vectors used by prevalent malware," Microsoft's security wonks say.

"Since that time, we have made substantial improvements to the security of the browser and the core OS.

"With Windows 10 we have implemented many features and mitigations that can make EMET unnecessary on devices running Windows 10.

The latest EMET introduces improved configuration through group policy, the blacklisting of untrusted fonts, better registry writing, and Export Address table Filtering pseudo-mitigation performance improvements.

It also grants Control Flow Guard protection for third party software not yet using once-bypassed exploit protection introduced in Windows 8.1 updates and present in Windows 10.

Control Flow Guard is one of the three that Microsoft cites as having made its way from EMET into Windows and injects a check before indirect-calls are made in code such to ensure that they call known safe locations. If that's not the case, programs are closed.

AppLocker is another Windows security feature from EMET, and helps stop most unathorised users from executing certain apps within a network. Paired with an enterprise application whitelist like Device Guard, AppLocker can ensure only trusted apps run.

EMET may be powerful, but like most other security controls has previously been bypassed. ®

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2022