EMET bypassed

Discussion in 'other security issues & news' started by BoerenkoolMetWorst, Feb 20, 2014.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    http://threatpost.com/latest-microsoft-100000-bounty-winner-bypasses-aslr-dep-mitigations/104328
     
  2. Impet

    Impet Registered Member

    Joined:
    May 5, 2013
    Posts:
    894
    So would you call EMET useless or is it still a good tool? :doubt:
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    I would say it's still a good tool, it still stops most exploits and I guess the bypass will be fixed in the next version.
     
  4. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    Just goes to show there is no security measure that is 100% infallible.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Please don't warp the definition of useless.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  8. Austerity

    Austerity Registered Member

    Joined:
    Jun 21, 2013
    Posts:
    367
    Location:
    Georgia / USA
    Guess it's good I don't use it.
     
  9. DX2

    DX2 Guest

    How could you stop this then?
     
  10. Impet

    Impet Registered Member

    Joined:
    May 5, 2013
    Posts:
    894
    Wow, it's bypassed again and again. EMET has holes like a Swiss cheese. :D
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    IMHO, it's still a great idea to use EMET, until the day comes (if ever) when almost all malware is tested against EMET.
     
  12. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    http://arstechnica.com/security/201...y-bypasses-microsoft-zero-day-protection-app/
     
  13. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Complete nonsense. Take a look at the things that are widely used but can't work with EMET.
    Finding some working bypasses and presenting them (like Bromium guys) is a huge effort for the future development - as it was in the past. That's the game.
     
  14. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    At least EMET tries to mitigate the actual exploitation, unlike anti-virus products with their anti-exploit features, which only protect against the payloads. Yet the vendors go so far as to claim they even "prevent" exploits. I wonder how easily these guys would bypass anti-virus exploit protection. They'd probably have a field day with it.
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  16. Impet

    Impet Registered Member

    Joined:
    May 5, 2013
    Posts:
    894
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Nice to see that they are right on it. :thumb:

    The quote is from: http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/

    I really wonder when we will get to see hypervisor based HIPS, like for example McAfee Deep Defender.

    That will be the next step in security tools innovation. :)
     
  19. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas