Security
Headlines
HeadlinesLatestCVEs

Headline

Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview

I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps customers increase the effort attackers must make to compromise a computer system.

msrc-blog
#web#ios#windows#microsoft#cisco#java#zero_day

I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps customers increase the effort attackers must make to compromise a computer system.

I’m happy to announce the public release of the EMET 5.0 Technical Preview today from the RSA exhibit hall.

During last night’s RSA reception, conference attendees got a sneak preview of EMET 5.0 as demonstrated by Jonathan Ness, Chengyun Chu, Elia Florio and Elias Bachaalany from our EMET engineering team. If you missed it, we’ll have our EMET engineering team here all week at RSA demonstrating the current version of EMET 4.1, as well as the EMET 5.0 Technical Preview, at the Microsoft Booth (number 3005).

EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and can help protect the computer by diverting, terminating, blocking and invalidating those actions and techniques. In recent 0-days, EMET has been an effective mitigation against memory corruption. Having EMET installed and configured on computers meant that the computers were protected from those attacks.

EMET 5.0 Technical Preview adds new protections for enterprises on top of the 12 built-in security mitigations included in version 4.1. For instance, the new Attack Surface Reduction mitigation allows enterprises to better protect third-party and custom-built applications by selectively enabling Java, Adobe Flash Player and Microsoft or third-party plug-ins. At the Security Research and Defense blog, our engineering team provides a deep dive blog post on EMET 5.0 Technical Preview.

](https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/45/71/8306.emet1.jpg)

Since the first release of EMET in 2009, our customers and the security community have adopted EMET and provided us with valuable feedback. Your feedback both in forums and through Microsoft Premier Support Services, which provides enterprise support for EMET, has helped shape the new EMET capabilities to further expand the range of scenarios it addresses.

The same goes for EMET 5.0 Technical Preview. As we march towards the final release of EMET 5.0, we would like to invite you to download the EMET 5.0 Technical Preview at microsoft.com/emet to deploy in your test environments. Your feedback is valuable in shaping our roadmap. Please let us know what you think.

Finally, if you’re at the RSA Conference, please stop by our booth and share your feedback with Jonathan, Chengyun, Elia and Elias. We’d like to hear from you!

Thanks,
Chris Betz
Senior Director
Microsoft Security Response Center (MSRC)

msrc-blog: Latest News

Mitigating NTLM Relay Attacks by Default