Cracked το EMET της Microsoft! Οι researchers ασφαλείας της FireEye, Abdulellah Alsaheel και Raghav Pande κατάφεραν να χρησιμοποιήσουν το λογισμικό ασφαλείας των Windows EMET to violate the security of… EMET!
So, instead of defending Windows, Microsoft's enhanced Microsoft mitigation tool attacks the operating system.
The researchers with attacks σε παλαιότερες εκδόσεις των Windows που χρησιμοποιούσαν το EMET κατάφεραν να ανακαλύψουν κενά ασφαλείας που μπορούν να παρακάμψουν και τις σύγχρονες άμυνες όπως τις διευθύνσεις χώρου τυχαίας επιλογής και την αποτροπή εκτέλεσης data.
Note that Windows 10 uses much of EMET for their security, with some new features added to the latest 5.5 version.
"The code systematically disables EMET protections and returns a program to a completely unprotected state," say the researchers.
"One just has to locate and call this feature to turn off EMET completely."
Previous attempts to bypass the EMET security application focused on the use of missing or inadequate features.
Instead, the Abdulellah Alsaheel and Raghav Pande hacks turn EMET protection features into an attack tool.
“This new technique uses the EMET to get rid of EMET protections,” they report. "It is a reliable and significantly easier EMET bypass technique than any previously published."
More details on the FireEye blog
https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html