EMET 4.1 Update 1

NikK Posts: 903 Forum Champion

was released yesterday:

 

http://blogs.technet.com/b/srd/archive/2014/04/30/continuing-with-our-community-driven-customer-focused-approach-for-emet.aspx

 

To @Blackcat and perhaps others interested:

As I understand it, the mitigation bypasses Bromium Labs did are not possible if you have the Apps setting "Deep Hooks" enabled, which is great news. It's not enabled by default because it might cause problems, but the EMET team are considering having it enabled when 5.0 is released as a final version.

I realised I must have enabled it already when I installed EMET the first time and I can't say it's causing any major problems. So I've been better protected than most other EMET users ;)

 

From EMET User Guide:

Deep Hooks: EMET will protect critical APIs and the subsequent lower level APIs used by the top level critical API. For example, EMET will not only hook and protect kernel32!VirtualAlloc but also the related lower level functions, such as kernelbase!VirtualAlloc and ntdll!NtAllocateVirtualMemory.
