EMET 3.0 Security Tool for Microsoft Windows Released

• By Kurt Mackie
• 05/15/2012

Microsoft has updated its anti-exploit tool designed to provide security for a variety of applications running on Windows systems.

The Enhanced Mitigation Experience Toolkit 3.0 (EMET 3.0) is available at no cost and can be downloaded at Microsoft's site. EMET 3.0 offers a general-protection approach that thwarts hacker's exploitation code. The toolkit works with all versions of Windows that Microsoft supports -- including server and client versions -- and works with the Windows 8 consumer preview beta, according to an announcement from Microsoft.

EMET 3.0 doesn't block specifically known exploits or provide security patches. Instead, the toolkit blocks or "mitigates" known hacking techniques used to attack software. Microsoft describes the toolkit as a bundle of "pseudo-mitigation technologies," and claims that the toolkit can protect older software that lacked certain security protections.

"The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques," Microsoft's download page explains. "These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use."

EMET was formerly an "unsupported" Microsoft tool, which means Microsoft had not conducted extensive testing on the solution. According to the company, version 3.0 is officially supported. Microsoft also made the tool more user friendly for enterprise environments. For example, EMET 3.0 now can be deployed, monitored, and managed using Group Policy and Microsoft System Center Configuration Manager.

One new reporting improvement added to EMET 3.0 is called the "notifier," which starts with Windows and writes information to the Windows event log. Events are flagged in the application log, but important events also are shown in the taskbar notification area. The tool will log an error message in the taskbar when an exploit is blocked, listing the application that was stopped.

EMET 3.0 also includes a configuration improvement for accessing protection profiles. Protection profiles are XML files used to help protect applications. Microsoft ships EMET with three default protection profiles: one for Internet Explorer, one for Microsoft Office and a third for "common home and enterprise applications." With version 3.0, Microsoft allows IT pros to point to these protection profiles, or custom ones, using wildcard characters, such as the "*" symbol. IT pros don't have to type the whole URL path to the protection profile to protect an app.

EMET 3.0 can be installed on top of the previous 2.1 release and existing rules that were created should still work, according to Suha Can of the Microsoft Security Response Center engineering team, in Microsoft's announcement.

Additional help for EMET can be found a Microsoft's support forum page.