Wednesday, 4 November 2015

Researchers Bypass Microsoft's EMET Security

Researchers have succeeded in bypassing Microsoft's EMET security tool by using a Windows component that lets 32-bit software run on a 64-bit operating system. EMET stands for Enhanced Mitigation Experience Toolkit and gives Windows and applications an additional layer of security.

This extra layer is meant to make it harder for attackers to exploit both known and unknown vulnerabilities in the operating system or in installed programs or plug-ins. Researchers at Duo Security, however, found a way (pdf) to bypass EMET's protections. The attack is made possible by the WoW64 subsystem of Windows.

This subsystem acts as a compatibility layer between 32-bit software and 64-bit Windows versions. While most Windows versions are now 64-bit, most Internet users still use 32-bit browsers. Research by Duo Security found that 80% of browsers on 64-bit Windows versions run as a 32-bit process. To run on a 64-bit system, these browsers use the "Windows on Windows" (WoW) layer.

The security measures EMET offers are less effective inside the WoW64 subsystem. In the attack Duo Security developed, the 64-bit version of a DLL can ultimately be targeted, while WoW64 means that EMET only protects the 32-bit version of the file. To remedy this problem, Microsoft would have to make major changes to the way EMET works.


Despite the successful attack, the researchers state that EMET is still an important part of any security strategy. They also recommend the use of 64-bit software, because it makes some parts of this abuse a little trickier and offers other security advantages. Users and administrators are also advised, where possible, to run true 64-bit software on 64-bit Windows versions.
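As an added illustration of the recommendation above (not code from Duo Security or Microsoft), this sketch reads the Machine field of a PE header to flag executables that a 64-bit Windows host would run through WoW64. The sample images and the names `fake_pe`, `audit` and `SAMPLES` are constructed for this example.

```python
import struct

# Machine values from the PE/COFF file header.
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64

def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return machine

def runs_under_wow64(data: bytes) -> bool:
    """True if a 64-bit Windows host would load this image through WoW64.

    Limitation: managed (.NET) "AnyCPU" images also carry the I386 value
    but may run as native 64-bit, so treat a hit as a lead to verify.
    """
    return pe_machine(data) == IMAGE_FILE_MACHINE_I386

def audit(images: dict) -> list:
    """Return the sorted names of 32-bit x86 images; skip non-PE input."""
    flagged = []
    for name, data in images.items():
        try:
            if runs_under_wow64(data):
                flagged.append(name)
        except ValueError:
            continue  # not a PE file, or header truncated
    return sorted(flagged)

def fake_pe(machine: int) -> bytes:
    """Constructed minimal header: DOS stub, PE signature, COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

# Constructed sample inputs (not real binaries).
SAMPLES = {
    "browser32.exe": fake_pe(IMAGE_FILE_MACHINE_I386),
    "browser64.exe": fake_pe(IMAGE_FILE_MACHINE_AMD64),
    "readme.txt": b"plain text, not an executable",
    "truncated.exe": b"MZ" + b"\0" * 10,
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

On a real system, pass the bytes of each installed executable (the first 4 KB is normally enough) instead of `SAMPLES`.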

