Researchers have disclosed that Microsoft Corporation (NASDAQ:MSFT)’s Enhanced Mitigation Experience Toolkit (EMET) has a serious security weakness which allows attackers to turn the exploit mitigation tool against itself.
Earlier this week researchers at FireEye Inc., a computer security company based in Milpitas, California, revealed that earlier versions of EMET have a key weakness which lets attackers use the free security tool to disable itself. Security specialists Abdulellah Alsaheel and Raghav Pande found that the portion of EMET’s own code responsible for unloading the software from a protected process can be invoked by an attacker to switch EMET off entirely, leaving the process with none of its mitigations in place.
They also said that they had worked with Microsoft ahead of this month’s release of EMET 5.5 on a fix for the issue. The newest version therefore cannot be disabled this way, but older versions, including 5.0, 5.1 and 5.2, which Microsoft still supports, remain exposed. Besides this fix, EMET 5.5 adds support for Windows 10 and a number of other improvements to its mitigations.
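Since the only remedy the article offers is upgrading, the first thing a practitioner wants is a way to find hosts still running a pre-5.5 EMET. The following PowerShell script is an added example, not code from the article, FireEye or Microsoft. It assumes that EMET is installed under Program Files (or Program Files (x86)) in a folder named "EMET*" containing EMET_Agent.exe, and that the file version of EMET_Agent.exe tracks the product version; both are assumptions about the installer layout, not facts from the article.

```powershell
# Added example: flag EMET installations older than 5.5 (the version the article says
# closes the self-disable weakness). Assumed layout: "<Program Files>\EMET*\EMET_Agent.exe".
# Run from an elevated PowerShell prompt on the host being checked.

$FixedVersion = [version]'5.5'

function Get-EmetInstall {
    # ${env:ProgramFiles(x86)} is $null on 32-bit Windows, so drop empty roots.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Directory -Filter 'EMET*' -ErrorAction SilentlyContinue |
            ForEach-Object {
                $agent = Join-Path $_.FullName 'EMET_Agent.exe'
                if (Test-Path $agent) {
                    $raw = (Get-Item $agent).VersionInfo.FileVersion
                    # FileVersion strings can carry trailing text; keep only the leading dotted numbers.
                    $m = [regex]::Match([string]$raw, '^\d+(\.\d+)+')
                    if ($m.Success) {
                        $ver = [version]$m.Value
                        [pscustomobject]@{
                            Path       = $agent
                            Version    = $ver
                            # 5.5.x.y compares greater than 5.5, so only 5.0-5.4 builds are flagged.
                            Vulnerable = ($ver -lt $FixedVersion)
                        }
                    }
                }
            }
    }
}

$installs = @(Get-EmetInstall)
if (-not $installs) {
    Write-Output 'EMET not found under Program Files.'
}
foreach ($i in $installs) {
    if ($i.Vulnerable) {
        Write-Warning "EMET $($i.Version) at $($i.Path) predates 5.5 and can be disabled through its own unload routine; upgrade it."
    } else {
        Write-Output "EMET $($i.Version) at $($i.Path) is 5.5 or later."
    }
}
```

Across a fleet the same function can be pushed out with Invoke-Command or a configuration-management tool and the Vulnerable flag collected centrally. If an installation used a non-default path, the folder filter will miss it, so treat "not found" as "not found in the expected location" rather than as proof that EMET is absent.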
While Microsoft has encouraged users to upgrade to the latest version of EMET, it has also stressed that EMET was never intended to be a complete anti-malware solution. According to Microsoft, EMET works by anticipating “the most common actions and techniques adversaries might use in compromising a computer, and help protect by diverting, terminating, blocking, and invalidating those actions and techniques.”
Because it targets exploitation techniques rather than individual bugs, EMET can also blunt attacks on some zero-day vulnerabilities, though not all: it can “detect and block exploitation techniques that are commonly used to exploit memory corruption vulnerabilities,” but an exploit that avoids those techniques is not stopped, and the tool on its own does not provide full security. Microsoft positions the free tool as an additional barrier in front of existing defences, not a replacement for them.
Microsoft’s insistence that users should not rely solely on EMET does not satisfy the FireEye researchers. Their point is that a mitigation tool which can itself be switched off by a fairly simple technique no longer makes attacks any harder, and a tool that does not raise the attacker’s cost has lost the only purpose it had.
That EMET can be bypassed or disabled has been known for several years. In 2014, researchers at Bromium Labs demonstrated a bypass of EMET 4.1. Despite this, EMET remains a popular tool among Windows users, not least because Microsoft provides it for free.