A few TechEd conferences ago I learned about a new tool from Microsoft called EMET (Enhanced Mitigation Experience Toolkit), designed to add additional layers of protection to Windows operating systems. Given my strong focus on secure solutions, I was a big fan of EMET. Over the years, some Microsoft security bulletins have listed EMET as a mitigation technique for zero-day attacks when a patch was not available.
What is EMET, and why do I install it in all of my enterprise base images and run it on all my personal computers? One word: Protection. Although you may never have heard of DEP, ASLR, ROP, SEHOP or EAF, those are important technologies that help limit the damage exploits can do to your system. Since third-party software is the number one way machines get hacked these days, providing protection to these applications can be a big win.
The first version was very bare-bones and not really designed for enterprise deployment or management. Since then it has become much more enterprise-friendly, with features such as XML policy definition and GPO controls. Throughout those enhancements the GUI changed very little and remained quite basic.
EMET 4.0 is a drastic upgrade in every sense of the word. It sports a brand new GUI with the Office ribbon. It now supports certificate pinning, Windows event logging, various skins, and new protection profiles such as “maximum security settings”. There’s also a new configuration wizard with recommended settings, for easy one-click manual deployment. Certificate pinning is supposed to help with man-in-the-middle attacks, although it only supports IE at this time. A Microsoft blog post about certificate pinning is here.
Full support for Windows 8 and Windows Server 2012 is also a bonus for this release. If you want to check out the full Microsoft post about EMET 4.0, you can find it here. If you are super excited about this release like I am and just want to immediately download and install it, you can download it here. I installed it while writing this article, and really like the makeover and added protections. I highly recommend you test it out, and use it to help protect your systems.