Microsoft Ships Anti-Exploit Tool for IT Admins

LAS VEGAS — Microsoft today released a new tool to help IT administrators backport anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows.

The tool, called Enhanced Mitigation Experience Toolkit (EMET) works by applying security mitigation technologies to arbitrary applications to block against exploitation through common attack vectors.

In addition to implementing ASLR and DEP on older versions of the Windows operating system, Microsoft said EMET will also add anti-exploit mitigations to existing third-party software that do not currently opt-in to the mitigations.

“This helps to protect against successful exploitation of vulnerabilities without available fixes,” says Mike Reavey, a director in Microsoft’s Security Response Center (MSRC).

ALSR and DEP, which serve as defense-in-depth roadblocks during malware attacks, are enabled by default in newer versions of Windows.