Difference between revisions of "DBSA:2014-0005"

From Digibase Knowledge Base
Jump to: navigation, search
(Created page with "{{DBSAHEAD | TITLE=Microsoft Attack Mitigation Toolkit Vulnerability | KEYWORDS=EMET, Enhanced Mitigation Experience Toolkit, Microsoft, Vulnerability }} '''DBSA ID:''' {{PAG...")
 
 
(One intermediate revision by the same user not shown)
Line 8: Line 8:
 
'''Regarding:''' Microsoft Attack Mitigation Toolkit Vulnerability
 
'''Regarding:''' Microsoft Attack Mitigation Toolkit Vulnerability
  
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 18:38, 24 February 2014 (EST)
+
'''Writeup:''' [[User:Kradorex Xeron|Kradorex Xeron]] ([[User talk:Kradorex Xeron|talk]]) 18:38, 24 February 2014 (EST) (report submitted by [[User:C|C]])
  
 
'''Date:''' 2014 02 24
 
'''Date:''' 2014 02 24
Line 14: Line 14:
 
'''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}}
 
'''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}}
  
'''Who should take note:''' All Windows Users
+
'''Who should take note:''' All Windows Users and Administrators
  
 
==Classification==
 
==Classification==

Latest revision as of 19:43, 24 February 2014

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Microsoft Attack Mitigation Toolkit Vulnerability

Keywords: EMET, Enhanced Mitigation Experience Toolkit, Microsoft, Vulnerability

DBSA ID: 2014-0005

Regarding: Microsoft Attack Mitigation Toolkit Vulnerability

Writeup: Kradorex Xeron (talk) 18:38, 24 February 2014 (EST) (report submitted by C)

Date: 2014 02 24

Last Modified: 20140224194324 by Kradorex Xeron

Who should take note: All Windows Users and Administrators

Classification

Priority: MODERATE

Rationale: Users must ensure they are not subjecting themselves to malware

Severity: MODERATE

Rationale: Users effected may be under a false sense of security

Spread of Issue: SINGLE-PLATFORM MODERATE

Rationale: All users who have EMET installed and enabled are effected.

Description

Microsoft has a security solution called "Enhanced Mitigation Experience Toolkit" (EMET) that it releases for use to protect potentially vulnerable software to disable zero-day exploits from being effected. A critical vulnerability has been located in EMET where an attacker can completely bypass the protections the software provides to install malware or perform alterations to the system. The discovered vulnerability effectively utilizes "detours" around the checks, thus bypassing the protections.

  • EMET 4.1 is vulnerable, it's assumed prior versions are also.

Mitigation/Solution

Users should be cautious on what input or files they are utilizing with any software at all times and not rely on security solutions to be a sole protection. It is advised to only open files that one knows the original source and is able to verify the legitimacy of those files before using the file in any capacity.

References