VIENNA, Austria, October 28, 2014 /PRNewswire/ --

The EMET (Enhanced Mitigation Experience Toolkit) tool developed by Microsoft (NASDAQ: MSFT) makes it possible for administrators and end users to retroactively equip applications with additional protection mechanisms. This enhanced protection is intended to prevent various attack techniques that are currently used by cyber attackers.

Security expert René Freingruber of the SEC Consult Vulnerability Lab has developed numerous methods to get around the basic protection mechanisms of EMET in all currently available versions [1]. If a cyber attacker were to use these new bypass methods, serious attacks could be carried out. A software product protected with EMET as a workaround affected by a critical zero-day vulnerability could, for example, fall under the control of attackers.

Microsoft was informed of this by SEC Consult and is working on an improvement to the protection methods.

The experts of the SEC Consult Vulnerability Lab advise you to not view EMET as an unbeatable protection measure, because the tool can definitely be bypassed with the help of newly discovered methods.

SEC Consult considers it as necessary for software manufacturers to make the development of applications more secure and to regularly test their software extensively for application security.

[1] SEC Consult Proof of Concept Video: http://youtu.be/TuBQnvnKKHY

For more information, please contact:
Johannes Greil, MSc
Head of SEC Consult Vulnerability Lab
Tel.: +43-1-890-30-43-0
mailto: research@sec-consult.com

SOURCE SEC Consult