The Enhanced Mitigation Experience Toolkit, best known as EMET, helps raise the bar against attackers gaining access to computer systems. Since the first release of EMET in 2009, our customers and the security community have adopted EMET and provided us with valuable feedback. Feedback both in forums and through Microsoft Premier Support Services, which provides enterprise support for EMET, has helped shape the new EMET capabilities to further expand the range of scenarios it addresses.
Today, we will be talking about how we are taking our community driven and customer focused approach even further. We will cover both the present version (4.1) as well as the future versions (5.0 Technical Preview and beyond) in detail next.
What you are about to read is the outcome of our work over the past couple of months listening to customer and community feedback. Keep in mind that we are always working on new things, so… stay tuned! 🙂 As always, please let us know what you think.
– The EMET Team
EMET 5.0 Technical Preview available on Microsoft Connect
The release of EMET 5.0 Technical Preview in late February had a tremendous response from customers and the industry. We have received a lot of feedback on the new features and how they can be further improved. We believe EMET is and should continue to be customer-driven, where the feedback we receive is an integral part of our development process. In order to facilitate and streamline the communication between you (our beloved customers) and us (the EMET team), we have decided to create a project on Microsoft Connect for EMET 5.0 Technical Preview. Simply access the Microsoft Connect tool to download packages – which will be released periodically and frequently – and have a taste of what is coming up for EMET 5.0. What is great about this new tool is that, you will able to provide direct feedback, respond to surveys, and find all the new additions.
The first download package for EMET 5.0 Technical Preview is already available, and it includes fixes for many items reported to us. Please subscribe to the Microsoft Connect for EMET 5.0 Technical Preview (you will need a Microsoft Account for that), download the installation package and continue to send your great ideas to us.
EMET 4.1 Update 1
Today, we are releasing EMET 4.1 Update 1, which contains improvements and bug-fixes. More details on the list of the introduced improvements are available at this KB article. These improvements are the outcome of the feedback you have given us and the forward thinking work we continue to do. We recommend all EMET 4.1 customers download this new version and install it, since the benefits of all these improvements are noticeable. The upgrade experience is seamless, as all the current settings can be kept as-is by choosing “Keep Existing Settings” option during the install process. We also recommend all EMET 3.0 and 4.0 customers to upgrade to EMET 4.1 Update 1 (remember EMET 3.0 will go out of support next June!).
Certificate Trust default rules update
With EMET 4.0, we introduced the Certificate Trust, which is a feature that detects Man in the Middle attacks that leverage maliciously-issued SSL/TLS certificates. The feature works through a configurable certificate-pinning mechanism, which binds the certificate for a specified website to a trusted Root Certificate Authority (Root CA). This feature comes pre-configured with a set of rules related to authentication portals for Microsoft services and other third-party services. These default rules used in Certificate Trust don’t require frequent updates. It can happen, however, that an organization decides to renew its SSL/TLS certificate, for different reasons (e.g. natural aging of the certificate, change in their PKI infrastructure, response to a security incident, etc.). When a change like this occurs, the renewed SSL/TLS certificate may be issued under a different Root CA not included in the default Certificate Trust configuration, resulting in EMET detecting the new certificate as malicious.
Since several SSL/TLS certificates for many popular third-party websites were recently updated, we are releasing an easy to install Fix it solution that will update the default Certificate Trust rules, while maintaining the ones that you have manually added. The Fix it can be either installed on a standalone machine by just double-clicking it, or it can be silently deployed throughout a network with your favorite deployment mechanism. If you have just downloaded and installed EMET 4.1 Update 1 you don’t need to apply this Fix it solution as the new rules are already included. You can use the link below to download this solution:
Fix this problem
Microsoft Fix it 51012