Such as we published yesterday Microsoft will stop the EMET security toolkit because it thinks it is superfluous. The company believes that its latest Windows 10 has all of the features of EMET, but this is not true, according to Carnegie Mellon's CERT vulnerability analysis service.
For seven years EMET, or the Enhanced Mitigation Experience Toolkit, has been the primary security tool for Windows systems that could not repair a new flaw but still wanted to protect their network.
EMET provides a series of exploit mitigations that can protect vulnerable systems differently even when an error does not exist in a Microsoft product.
However, as mentioned above, Microsoft announced its plans to abandon EMET, as "Windows 10 includes all mitigation features used by EMET, such as DEP, ASLR, and Control Flow Guard (CFG) along with many other measures to prevent bypass UAC from exploits targeting the browser ”.
Jeffrey Sutherland, chief executive of Microsoft's operating system security team, said EMET could not keep up with modern threats and that it was now easy to find "trivial bypasses" online.
By claiming that customers using EMET have a built-in Windows 10, Microsoft has decided to stop EMET support after 31 2018 July and encourage its customers who want the best security to switch to Windows 10.
However, CERT's vulnerability analyst, Will Dormann, has asked Microsoft to withdraw its decision to withdraw EMET, claiming that Windows 10 does not provide the same protection as EMET. Dorman also reported that Windows 7 with EMET is better protected than Windows 10 that does not use it.
Please note that CERT is a nonprofit research center funded by the Carnegie Mellon University's Software Engineering Institute research and development center.
According to the service:
"The EMET library can modify the behavior of the application that is the target of an attack, providing additional protection," Dormann explains.
"The application of special protection capabilities provided by EMET has real value. "Because we can not rely on all software vendors to create code that stops the exploits that are available, EMET adds this control to our hands."
When EMET support stops, everyone who uses it should be aware of products that will not receive updates from vendors. Dormann notes that Office 2007, which reaches its end of support until the end of 2016, will soon be in this category.
Registration in iGuRu.gr via Email
But think all of the above, serve Microsoft to market new products. Maybe somewhat extorted, but we probably have to learn to live with it.