Attackers can turn Microsoft’s exploit defense tool EMET against itself
Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits.
Researchers from security vendor FireEye have found a method through which exploits can unload EMET-enforced protections by leveraging a legitimate function in the tool itself.
Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. However, it’s likely that many users haven’t upgraded yet, because the new version mainly adds compatibility with Windows 10 and doesn’t bring any new significant mitigations.