
A hacking team has used Microsoft’s EMET security tool to turn the crosshairs on … well, EMET. This means Redmond’s own software has been used to shoot itself in the foot.

While testing for loopholes, security company FireEye found a way to disable Microsoft’s Enhanced Mitigation Experience Toolkit, and the team achieved it using only EMET itself.

Microsoft EMET is designed to locate and trap malicious behavior by placing anti-malware protocols into applications.
Abdulellah Alsaheel and Raghav Pande of FireEye turned the toolkit on itself by targeting code inside EMET that turns off EMET’s own protections.

If an attacker were to follow this code path, it would be possible to shut down the toolkit from within the service, leaving apps unprotected.

“The code systematically disables EMET’s protections and returns the program to its previously unprotected state,” the pair says.

“One simply needs to locate and call this function to completely disable EMET. Jumping to this function results in subsequent calls, which remove EMET’s installed hooks.”

The exploit affects only versions 5.0, 5.1, and 5.2 of the Enhanced Mitigation Experience Toolkit, so those using Windows 10 are fine. Microsoft’s latest platform has EMET baked directly into apps, and the latest version, 5.5, released on February 2nd, fixes the issue.

Of course, if you have missed that update, it is worth heading to Microsoft’s download page and pulling in the patch immediately.

SOURCE: FireEye