EMET 5.5 released
Microsoft has updated EMET to version 5.5 [ 1 , 2 , 3 , 4 , 5 , 6 ]. A new version of the tool can be said at this link . As we indicated in the beta version information, an essential security feature called Block Untrusted Fonts was added to the tool to counteract Local Privilege Escalation (LPE) to exploits used by malware and RCE exploits to enhance their rights in the system. We are talking about protection from LPE exploits that use specially formed font files to trigger vulnerabilities in the win32k.sys driver.
Unfortunately, the new feature is available only to users of Windows 10, since its implementation is based on the new features of the OS kernel available only in this one. EMET 5.5 is the first release-version of the tool, which adds support for Windows 10.
')
Fig. The “Block Untrusted Fonts” feature is enabled for the entire system and will block attempts to load into the memory processes of TTF files located outside the% windir% / fonts directory.
Unfortunately, the new feature is available only to users of Windows 10, since its implementation is based on the new features of the OS kernel available only in this one. EMET 5.5 is the first release-version of the tool, which adds support for Windows 10.
')
Fig. The “Block Untrusted Fonts” feature is enabled for the entire system and will block attempts to load into the memory processes of TTF files located outside the% windir% / fonts directory.
Source: https://habr.com/ru/post/276311/
All Articles