The Hacker News Logo
Subscribe to Newsletter

Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program

windows10-kernel-emet-security
It seems Microsoft is planning to build its EMET anti-exploit tool into the kernel of Windows 10 Creator Update (also known as RedStone 3), which is expected to release in September/October 2017.

So you may not have to separately download and install EMET in the upcoming version of the Windows 10.

If true, this would be the second big change Microsoft is making in its Windows 10 Fall update after planning to remove SMBv1 to enhance its users security.

EMET or Enhanced Mitigation Experience Toolkit, currently optional, is a free anti-exploit toolkit for Microsoft's Windows operating systems designed to boost the security of your computer against complex threats such as zero-day vulnerabilities.
microsoft-emet
"EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software," Microsoft site reads.

Basically EMET detects and prevents buffer overflows and memory corruption vulnerabilities, often used in zero-day attacks.

A few EMET features are already built into Windows 10 including DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), but the current version of Windows 10 doesn't offer the same level of protection as Windows 10 with EMET installed.

The following chart, created by researchers from Carnegie Mellon University's Software Engineering Institute, clearly indicates that Windows 10 with EMET offers better protection than alone Windows 10 does.
windows-10-emet-tool
Since Microsoft has already announced that the company will discontinue the support of EMET in July 2018, we believe the company has planned to built-in support for all remaining EMET features in the next version of Windows 10.

"There are no plans to offer support or security patching for EMET after July 31, 2018. For improved security, our recommendation is for customers to migrate to Windows 10," Microsoft said last year.

A tweet from Alex Ionescu, Windows security expert, with a screenshot hints that Microsoft may release its next stable version of Windows 10 with "built-in EMET into the kernel."

Also, we noticed that Alex's tweet was later retweeted by at least two security researchers from Microsoft team, which indirectly confirms the news.
windows10-emet
However, we tried to reach out to two of the Microsoft researchers, one of them hasn't responded yet, while other denied commenting at this moment.

EMET provides both system-wide as well as application-specific protection, which works by watching internal operating system operations for known security exploits and holes, and blocking attacks both on the OS and third-party applications.

The tool also mitigates the system against the well-known "untrusted fonts" attack, which is often leveraged in Web-based cyber attacks to compromise PCs and install malware.

Besides this, EMET also offers buffer overflow protection to applications that may be vulnerable to stack and buffer overflow attacks that malware uses to interact with the operating system.

So, let's just wait for the big news to be confirmed by Microsoft.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.