Hackers Can Trick One of Microsoft's Security Tools to Disable Itself
Researchers find simple Microsoft EMET exploit

Researchers from security firm FireEye have discovered a method through which malware can use Microsoft EMET to disable... Microsoft EMET.

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a collection of security features packed into one single toolkit, which Microsoft has offered as an optional download through its official website.

The project launched in 2009, and at the start of February, Microsoft released EMET version 5.5, adding Windows 10 support and a few bug fixes.

The particular trick that FireEye security researchers discovered revolves around the notion that to protect applications from a series of exploits, EMET loads DLLs (Dynamic Link Libraries) into the applications it needs to protect.

But as with any properly coded anti-exploit security product, EMET also includes functions that unload those DLLs from the applications it injected them into.

Researchers discovered that this function can be modified and used against EMET itself, tricking the security tool into disabling global EMET protections.

FireEye says that this is not the first exploit that has been successful at disabling Microsoft's EMET security tool, but it's the easiest one to use.

FireEye says they've successfully tested the technique on EMET 4.1, 5.1, 5.2, and 5.2.0.1. Before going public with their findings, FireEye informed Microsoft of this issue, and a fix against this exploit was included in EMET 5.5, released earlier this month.

Besides the Windows 10 support, users now have a much better reason to update to the latest EMET version.
