Researchers test EMET 5 protections, find them wanting
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has once again failed to stop an attack mounted by researchers working with Offensive Security, the company behind Kali Linux.
Earlier this year, they have succeeded in deactivating all protection features of the EMET v4 by leveraging and modifying a public exploit, and wanted to see whether the newly released EMET 5 has been improved enough to stop this particular line of attack (deactivating instead of bypassing the protections).
Unfortunately for Microsoft, they successfully adapted the same attack, and managed to disable the tool’s ROP mitigations and DEP/ASLR protection, standard EAF mitigations and additional ones (EAF+).
“The difficulty in disarming EMET 5 mitigations has not increased substantially since version 4.x. More than anything, only our ROP chain has increased in size, while achieving the same effect of bypassing the protections offered by EMET,” they concluded.
Technical information about the exploit and a video of the exploitation can be viewed here, while the code can be accessed here.