DBSA:2014-0005

From Digibase Knowledge Base
Jump to: navigation, search

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Microsoft Attack Mitigation Toolkit Vulnerability

Keywords: EMET, Enhanced Mitigation Experience Toolkit, Microsoft, Vulnerability

DBSA ID: 2014-0005

Regarding: Microsoft Attack Mitigation Toolkit Vulnerability

Writeup: Kradorex Xeron (talk) 18:38, 24 February 2014 (EST) (report submitted by C)

Date: 2014 02 24

Last Modified: 20140224194324 by Kradorex Xeron

Who should take note: All Windows Users and Administrators

Classification

Priority: MODERATE

Rationale: Users must ensure they are not subjecting themselves to malware

Severity: MODERATE

Rationale: Users effected may be under a false sense of security

Spread of Issue: SINGLE-PLATFORM MODERATE

Rationale: All users who have EMET installed and enabled are effected.

Description

Microsoft has a security solution called "Enhanced Mitigation Experience Toolkit" (EMET) that it releases for use to protect potentially vulnerable software to disable zero-day exploits from being effected. A critical vulnerability has been located in EMET where an attacker can completely bypass the protections the software provides to install malware or perform alterations to the system. The discovered vulnerability effectively utilizes "detours" around the checks, thus bypassing the protections.

  • EMET 4.1 is vulnerable, it's assumed prior versions are also.

Mitigation/Solution

Users should be cautious on what input or files they are utilizing with any software at all times and not rely on security solutions to be a sole protection. It is advised to only open files that one knows the original source and is able to verify the legitimacy of those files before using the file in any capacity.

References