Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity

    Microsoft Takes Aim at Java Security With EMET 5

    Written by

    Sean Michael Kerner
    Published February 26, 2014
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      SAN FRANCISCO—Microsoft today announced a technical preview of version 5 of its Enhanced Mitigation Experience Toolkit (EMET), providing new security protection for Java as well as Microsoft Office.

      In an interview at the RSA Conference here, Jonathan Ness, principal security development lead at Microsoft’s Security Response Center (MSRC), explained to eWEEK that the goal of the new release is to reduce the attack surface for Microsoft software users. EMET is designed to provide an additional layer of security to applications to reduce the risk of exploitation.

      The new mitigations include protection for potential security issues in Oracle Java, which is one of the most often attacked applications on the client side. A recent study from Cisco indicated that Java was part of 91 percent of all exploits seen in 2013.

      Inside of EMET 5.0, the new Java control works with Microsoft’s Internet Explorer (IE ) Web browser and its concept of zone files. IE has local network and external network zones that EMET is now leveraging to lock down Java. Java files running on the internal zone, for example, can now be permitted to run, while external Java can be blocked.

      “A lot of times people just don’t need Java out on the Internet but they need it for their line-of-business applications and intranet sites,” Ness said.

      In addition to Java, Microsoft has also seen exploits hit enterprises by way of malicious Adobe Flash files, often connected to Microsoft Office documents, Ness said. To reduce the risk of that attack, EMET can now also block Office from calling a Flash file.

      EAF

      EMET now also introduces an enhanced version of its Export Address Table Filtering (EAF) technology. Ness explained that EAF blocks the mechanism that exploits use to jump into system-provided functionality. The new version of EAF takes advantage of lessons that Microsoft has learned from past exploitations of its software offerings.

      EAF is a different type of attack mitigation than Data Execution Protection (DEP), which is another technology from Microsoft that aims to reduce the potential attack surface. Ness explained that EAF operates at a more granular level of system operations.

      “EAF looks ahead and attempts to predict what system calls a given piece of code will make and then evaluates if that is appropriate for a legitimate application,” Ness said. “In contrast, DEP just makes a whole region of system memory unexecutable.”

      Earlier this week, security research firm Bromium detailed how it could potentially bypass protections in the current EMET 4.1 release. Ness said he appreciated the Bromium efforts as it will serve to make EMET 5 and future releases better.

      EMET is an optional download for Microsoft Windows users and, as such, is not on all Microsoft Windows installations by default. That said, Ness said that innovations that first debut in EMET do in fact eventually land in Microsoft’s operating systems.

      “What we really want to do is to take those mitigations that we’re trying out in EMET and put them into Windows,” Ness said. “Window 8.1 has mitigations in it that first appeared in earlier versions of EMET.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.