DBSA:2014-0005
Disclaimer: As technology changes, advisories may become out of date or may no longer be relevant. Please refer to the "Date" section of the header to be sure the advisory is recent as it pertains to your situation.
Digibase Security Advisory - Microsoft Attack Mitigation Toolkit Vulnerability
Keywords: EMET, Enhanced Mitigation Experience Toolkit, Microsoft, Vulnerability
DBSA ID: 2014-0005
Regarding: Microsoft Attack Mitigation Toolkit Vulnerability
Writeup: Kradorex Xeron (talk) 18:38, 24 February 2014 (EST) (report submitted by C)
Date: 2014 02 24
Last Modified: 20140224184324 by Kradorex Xeron
Who should take note: All Windows Users and Administrators
Classification
Priority: MODERATE
Rationale: Users must ensure they are not subjecting themselves to malware
Severity: MODERATE
Rationale: Users affected may be under a false sense of security
Spread of Issue: SINGLE-PLATFORM MODERATE
Rationale: All users who have EMET installed and enabled are affected.
Description
Microsoft provides a security tool called the "Enhanced Mitigation Experience Toolkit" (EMET), which is intended to protect potentially vulnerable software by preventing zero-day exploits from succeeding. A critical vulnerability has been found in EMET that allows an attacker to completely bypass the protections the software provides in order to install malware or make alterations to the system. The discovered vulnerability effectively uses "detours" around EMET's checks, thus bypassing the protections.
- EMET 4.1 is vulnerable; prior versions are assumed to be vulnerable as well.
Mitigation/Solution
Users should be cautious at all times about what input or files they use with any software and should not rely on security solutions as their sole protection. It is advised to open only files whose original source is known and whose legitimacy can be verified before using them in any capacity.