
Microsoft’s best kept secret – EMET


by Steve Wiseman on May 8, 2014 · 3 comments

in Microsoft,Tips,Tools



I have been using the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft for quite some time now.

It is a great way to keep yourself protected from the unknown – unknown and yet to be discovered flaws in Windows, and Windows applications.

What exactly is EMET?

Well, it is a free tool that runs in the background and does two major things:

It detects and blocks attempts to exploit memory corruption vulnerabilities in software (think buffer overflows):

EMET Memory Corruption Config

It provides certificate pinning in Internet Explorer:

EMET Certificate Pinning Config

Let's look at that first one – memory corruption.

If you had EMET installed on your machine, and someone tried to exploit the recent vulnerability found in all versions of IE, EMET would have blocked it for you.

Think about that for a moment. A vast majority of serious security flaws are exploited through some type of memory corruption.

If you run EMET, you are protected from a good portion of them – before the good guys even know it is a problem.

How about that second feature, certificate pinning?

Big sites like Gmail, Facebook, Amazon – all are big targets. What happens when someone is able to forge a certificate for one of those sites? They could easily perform a “man-in-the-middle” attack against you.

And the whole time your browser would tell you that the certificate was fine.

Meanwhile the bad guys are seeing your traffic in the clear, obtaining your username and password so they can do what they want.

If you were running EMET, it would give you a warning right away like this:

Certificate pinning notification

As you can see, I gave it a bogus Certificate Authority for secure.intelliadmin.com (the one for Facebook).
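The pin check described above, as an added sketch that is not from the original post and is not EMET's own code: it shows why a chain can pass normal validation and still fail the pin. The host names, the constructed byte strings standing in for DER certificates, the SHA-256 thumbprint and the reduction of chain validation to "root is in the trust store" are all assumptions.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    UNTRUSTED = "chain does not end in a trusted root (browser warns)"
    NOT_PINNED = "no pin rule for this site; normal validation only"
    PIN_OK = "trusted chain, root CA matches the pin rule"
    PIN_MISMATCH = "trusted chain, but root CA is not the pinned one"


def thumbprint(cert_der: bytes) -> str:
    """Fingerprint of a certificate's encoded bytes (hash choice is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed stand-ins for DER-encoded root certificates (not real certs).
ROOT_A = b"constructed-root-CA-A"  # the CA the pinned site really uses
ROOT_B = b"constructed-root-CA-B"  # a different CA the OS also trusts

# Trust store: a chain ending in any of these roots validates normally.
TRUST_STORE = {thumbprint(ROOT_A), thumbprint(ROOT_B)}

# Pin rules: site -> the only root CAs expected for that site.
PIN_RULES = {"mail.example.test": {thumbprint(ROOT_A)}}


def check_chain(hostname: str, chain: list) -> Verdict:
    """chain is leaf-first; its last element is the root CA certificate."""
    if not chain:
        return Verdict.UNTRUSTED
    root = thumbprint(chain[-1])
    if root not in TRUST_STORE:
        return Verdict.UNTRUSTED
    pins = PIN_RULES.get(hostname.lower().rstrip("."))
    if pins is None:
        return Verdict.NOT_PINNED
    return Verdict.PIN_OK if root in pins else Verdict.PIN_MISMATCH


if __name__ == "__main__":
    cases = [
        ("mail.example.test", [b"leaf", ROOT_A]),         # genuine chain
        ("mail.example.test", [b"forged-leaf", ROOT_B]),  # other trusted CA
        ("other.example.test", [b"leaf", ROOT_B]),        # site without a pin
    ]
    for host, chain in cases:
        print(f"{host}: {check_chain(host, chain).value}")
```

The second case is the one the post describes: the browser's own validation succeeds because the issuing root is trusted, and only the pin rule notices that it is the wrong root for that site.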

These two simple things provide a serious amount of protection.

Best of all it is totally free!

Get a free copy of EMET 4 from Microsoft:

EMET 4 Download


{ 3 comments… read them below or add one }

1 Mike Peck May 9, 2014 at 12:08 am

Hi Steve,

Been using EMET for a while now. It really is a great tool. These days anti-virus software is practically useless. Why? They block programs like yours all the time with false positives. Then at the same time they constantly let the bad stuff through. If you are a user who is good about not installing any old thing from the net, EMET is a great way to protect yourself.

2 Julian Maples May 10, 2014 at 5:26 am

I have had to uninstall EMET because it stopped Microsoft Word and Excel from starting. Please feed that back to Microsoft.

3 Steve Wiseman May 10, 2014 at 3:14 pm

Hello Julian,

I would check your add-ins – it is possible one of them is triggering something in EMET.
