General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0

Today, we are excited to announce the general availability of Enhanced Mitigation Experience Toolkit (EMET) 5.0. EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping block and terminate the most common techniques adversaries might use in comprising systems. EMET 5.0 further helps to protect with two new mitigations, and with new capabilities giving customers additional flexibility on their deployments.

EMET helps to protect systems, even before new and undiscovered threats are formally addressed by security updates and antimalware software.

This is what some customers have said about EMET:

"EMET is not a policy-changing tool, but it might just be that additional piece of security software that is worth investing in.” – Wolfgang Kandek, Qualys, Windows EMET Tool Guards Against Java Exploits, 2014

“(The Java- and plugin-blocking feature should) effectively stymie most of the historical attack methods related to Java and Flash. Those two applications have historically caused a lot of heartburn for security teams." – Andrew Storms, CloudPassage, Windows EMET Tool Guards Against Java Exploits, 2014


Let’s take a look at some of the key new capabilities in EMET 5.0:

Two new mitigations further expand EMET protections

Enhanced with the feedback that we received from EMET 5.0 technical preview participants, two new mitigations become generally available today.

First, the new Attack Surface Reduction (ASR) mitigation provides a mechanism to help block specific modules or plug-ins within an application, in certain conditions. For example, customers can now configure EMET to prevent their browser from loading Java plug-ins on external websites, while still continuing to allow Java plug-ins on their internal company websites.

Second, the brand new Export Address Table Filtering Plus (EAF+) mitigation introduces two new methods for helping disrupt advanced attacks. For example, EAF+ adds a new “page guard” protection to help prevent memory read operations, commonly used as information leaks to build exploitations.

Also, with 5.0, four EMET mitigations become available on 64-bit platforms. You can read more on that and find a deep dive of all the new features on our Security Research and Defense (SRD) Blog.

New configuration options deliver additional flexibility

EMET 5.0 offers new user interface (UI) options so that customers can configure how each mitigation applies to applications in their environment, taking into account their enterprise frameworks and requirements. For example, users can configure which specific memory addresses to protect with the HeapSpray Allocation mitigation using EMET 5.0. We continue to provide smart defaults for many of the most common applications used by our customers.

Many enterprise IT professionals deploy EMET through Microsoft System Center Configuration Manager and apply Group Policies in Windows Active Directory to comply with enterprise account, user, and role policies. With version 5.0, propagating EMET configuration changes via Group Policy becomes even easier, as we have improved how EMET handles configuration changes, when applied in an enterprise network.

The new Microsoft EMET Service is another feature our enterprise customers will find helpful in monitoring status and logs of any suspicious activity. With this new service, our customers can use industry standard processes, such as Server Manager Dashboard of Windows Server, for monitoring.

Additionally, with EMET 5.0, we have improved the Certificate Trust feature, allowing users to turn on a setting, in order to block navigation to websites with untrusted, fraudulent certificates, helping protect from Man-In-The-Middle attacks.

New default settings provide protections from the get-go

EMET’s Deep Hooks capability helps protect the interactions between an application and the operating system. In EMET 5.0, Deep Hooks is turned on by default, helping provide stronger protections by default. Furthermore, this default setting is now compatible with a wider range of productivity, security and business software.

Since we released EMET 5.0 Technical Preview in February this year, our customers and the community showed strong interest. Through user forums and Microsoft Premier Support Services, which assists enterprise EMET users, we received valuable feedback to shape the product roadmap ahead.

In the same lines, we invite you to download EMET 5.0 and let us know what you think.

Protect your enterprise. Deploy EMET today.


Chris Betz
Senior Director, MSRC