Windows 10 Version 1709 comes with built-in EMET?

This is probably good news for Windows 10 users. While current versions of Windows 10 don't provide EMET's anti-exploit features, it seems that Microsoft intends to add them to the upcoming Windows 10 Fall Creators Update.


What is EMET?

EMET stands for Enhanced Mitigation Experience Toolkit, an optional and free anti-exploit toolkit from Microsoft for Windows operating systems. EMET is designed to boost the security of Windows against complex threats such as zero-day vulnerabilities.

Microsoft says Windows 10 is more secure than older Windows versions, but EMET isn't shipped with Windows 10 yet. As I pointed out in my blog post Microsoft announces Windows 7 EOL, recommends Windows 10, Windows 7 + Enhanced Mitigation Experience Toolkit (EMET) is far more secure than Windows 10 without EMET.

(Source: Will Dormann, CERT)

Will Dormann from CERT has published the table shown above and pointed to some weaknesses in Microsoft's argument that "Windows 10 is more secure".

"Windows 10 does indeed provide some nice exploit mitigations. The problem is that the software that you are running needs to be specifically compiled to take advantage of them."

Will Dormann's intention with his article was to keep EMET alive (because Microsoft intends to retire EMET in July 2018).


Will EMET be integrated into the Windows Kernel?

According to this Hacker News article, it seems Microsoft is planning to build EMET into the kernel of the Windows 10 Fall Creators Update (Version 1708, also known as Redstone 3). It's expected that Windows 10 Version 1709 will be released in September/October 2017.

EMET detects and prevents buffer overflows and memory corruption vulnerabilities, which are often used in zero-day attacks. Some other features like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) are already implemented in Windows 10.

So integrating EMET into the Windows 10 kernel will harden the operating system against zero-day exploits. The rumor was spread by Alex Ionescu via Twitter:

These changes are new to Build 15125. But note that this hasn't been confirmed by Microsoft yet. Let's hope EMET will survive within the kernel after the Windows 10 V1709 release.
