Bromium Labs Analyzes Microsoft’s EMET and Uncovers Vulnerabilities

Cupertino, Calif. -- 02/24/14
Back To Press & Events

Team of cybersecurity researchers investigate popular Microsoft zero-day prevention tool to gauge level of difficulty for hackers to bypass critical security protection for PCs

Bromium®, Inc., a pioneer in trustworthy computing, today announced new findings from Bromium Labs that focus on the strengths and weaknesses of Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free download developed to enhance the security of a PC by mitigating zero-day attacks. After extensive testing and analysis, Bromium Labs demonstrated the software is vulnerable to the presence of custom-built exploits.

“EMET is a viable personal and corporate defense add-on, but given other researchers have found EMET bypasses before, we sought to understand how EMET is vulnerable to the presence of novel exploits,” said Rahul Kashyap, chief security architect and head of security research, Bromium. “We want users to better understand the facts when making a decision about which PC protections to use. We conducted this research within Bromium Labs to further enhance EMET-like exploit mitigation tools so we as an industry can come together to better protect against future exploitation vectors.”

To learn about its limitations and help security teams create a better defense-in-depth strategy, Bromium Labs investigated if a more technical savvy attacker would be capable of bypassing the protections offered in EMET. Through an exploratory approach, Bromium Labs was able to bypass all of the protections in EMET. To educate the broader security community, Bromium Labs wrote a full technical whitepaper, available at labs.bromium.com that specifically demonstrates:

  • Ways to bypass all of the protections in EMET
  • How userland protections are not a sufficient means of protection because there is no “higher” ground advantage as there would be from a kernel or hypervisor
  • Recommendations on ways to upgrade the EMET protections where possible
  • Best practices and approaches for securing endpoints

Bromium Labs regularly conducts security research on a variety of computer threats and protections, most commonly focusing on the endpoint. During this study, Bromium Labs provided the research to Microsoft before speaking publicly about bypassing the protections.

Jared DeMott, principal security researcher at Bromium, will discuss findings in detail at BSidesSF2014 on Monday, February 24 at 10 a.m. PT at the DNA Lounge, 375 Eleventh Street, San Francisco, CA 94103. Tickets are free at the door and available on first-come, first-served basis. For more information on attending, visit: http://www.securitybsides.com/w/page/70849271/BSidesSF2014.

Share On Twitter Linkedin