EMET 4.1 Update 1 was released yesterday:
To @Blackcat and perhaps others interested:
As I understand it, the mitigation bypasses Bromium Labs did are not possible if you have the Apps setting "Deep Hooks" enabled, which is great news. It's not enabled by default because it might cause problems, but the EMET team are considering having it enabled when 5.0 is released as a final version.
I realised I must have enabled it already when I installed EMET the first time and I can't say it's causing any major problems. So I've been better protected than most other EMET users.
From EMET User Guide:
Deep Hooks: EMET will protect critical APIs and the subsequent lower level APIs used by the top level critical API. For example, EMET will not only hook and protect kernel32!VirtualAlloc but also the related lower level functions, such as kernelbase!VirtualAlloc and ntdll!NtAllocateVirtualMemory.
Comments
Good read here; http://blogs.technet.com/b/srd/archive/2014/04/30/continuing-with-our-community-driven-customer-focused-approach-for-emet.aspx
EMET 5 looks good and the Technical Preview is available now.