EMET

New Internet Explorer vulnerability affecting all versions of IE

Today we released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process. Proof-of-concept exploit bypasses ASLR and DEP The Metasploit project recently published an exploit for this vulnerability …

New Internet Explorer vulnerability affecting all versions of IE Read More »

On the effectiveness of DEP and ASLR

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today.  Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion …

On the effectiveness of DEP and ASLR Read More »

Updated EMET Version 2.0.0.3 Released

It’s recently come to our attention that some Enhanced Mitigation Experience Toolkit (EMET) v2.0 users may have potential issues with the update functionality of specific applications from Adobe and Google.  As a result, today we released a new version of EMET that will help ensure these updaters work as expected when EMET is in place for …

Updated EMET Version 2.0.0.3 Released Read More »

Internet Explorer の新たな脆弱性を調査中。セキュリティ アドバイザリ 2458511 を公開。

こんにちは。セキュリティレスポンス チームです。 日本時間の今朝、Internet Explorer の脆弱性に関する セキュリティ アドバイザリ 2458511 を公開しました。この脆弱性の主な影響は「リモートでのコード実行」で、サポートされるすべてのバージョンの IE が影響を受けます。現在のところ、限定的な攻撃を確認しています。   セキュリティ更新プログラムを公開する予定ですが、公開までの間、アドバイザリ に記載の回避策を検討してください。回避策にも含まれていますが、Internet Explorer 7 に対して DEP を有効にする (IE8 は既定で有効)、またマイクロソフトが公開した Enhanced Mitigation Experience Toolkit (EMET) を使用して DEP を有効にすることもできます。   EMET については、この Blog で一度も紹介していませんでしたが、簡単に説明すると、ASLR や DEP などのセキュリティ緩和技術 (計 6 つ) を、古い OS や任意のアプリケーションなどに対し設定できるツールです。今年 9 月に公開した V2.0 では GUI が追加されているので操作がより視覚的です。勿論、コマンドベースもサポートしているので、社内環境で複数台に設定を行う場合などはログオンスクリプト等としてクライアントに配布できます。   コマンドベースで IE に対して EMET を有効にする方法 …

Internet Explorer の新たな脆弱性を調査中。セキュリティ アドバイザリ 2458511 を公開。 Read More »

DEP, EMET protect against attacks on the latest Internet Explorer vulnerability

Today we released Security Advisory 2458511 notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions 6 and 7 on Windows XP.  Attacks would …

DEP, EMET protect against attacks on the latest Internet Explorer vulnerability Read More »

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

Background on the exploit As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP).   Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation.  However, this …

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit Read More »

The Enhanced Mitigation Experience Toolkit 2.0 is Now Available

Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0.  Users can click here to download the tool free of charge.     For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications.  This helps prevent …

The Enhanced Mitigation Experience Toolkit 2.0 is Now Available Read More »

Announcing the upcoming release of EMET v2

*** UPDATE: Version 2.0 of EMET is now available.  Click here to read more about it. *** What is EMET? In October 2009, we released a tool on this blog called EMET that provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent vulnerabilities in those applications (especially line …

Announcing the upcoming release of EMET v2 Read More »