Microsoft updates security toolkit for Windows apps

Microsoft's EMET helps secure older applications

Microsoft has issued an updated version of its mitigation tool for hardening Windows applications against common security exploits used by malware.

The Enhanced Mitigation Experience Toolkit (EMET) 2.0 is now available from the Microsoft download centre, and adds two new mitigations to the four already supported in the tool since EMET 1.02 was released in October 2009.

It also features a new graphical user interface that makes it easier to configure mitigations and see what is running on the system.

The toolkit is intended to combat common security attacks and even zero-day exploits by retroactively applying some security features introduced in newer versions of Windows, and ensuring that even older code can make use of them.

"EMET offers security mitigation technologies, some of which are available on newer platforms, but EMET brings these mitigation technologies to older platforms like Windows XP or even Office XP," said Andrew Roths, senior security development lead at Microsoft.

New in EMET 2.0 is Mandatory Address Space Layout Randomisation (ASLR) and Export Address Table Access Filtering (EATAF).

The first builds on the memory layout randomisation technology introduced with Windows Vista, which combats attacks by loading modules into a different area of memory each time, but only works for applications that explicitly enable it.

With EMET 2.0, Mandatory ASLR detects modules such as dynamic link libraries written before ASLR was available, according to Microsoft, and grabs its preferred memory page, forcing the operating system to load it to a random location.

EATAF is designed to break nearly all so-called 'shell code' in use today, according to Microsoft. This mitigation blocks a common technique that malware uses to locate Windows APIs from which to launch an attack.