For every zero-day vulnerability we patch, there’s another waiting in the wings — and yet another, no doubt.
One of the better tools for protecting our systems from the new threats is Microsoft’s oddly named Enhanced Mitigation Experience Toolkit.
Minimizing the threat from zero-day exploits
When attackers find a new way into a program, there’s a (hopefully brief) window during which PCs are open to attack while the software vendor builds and delivers a patch and antivirus companies catch up with signature updates. An attack on such an as-yet unpatched vulnerability is called a zero-day exploit, and zero-days are a constant menace to safe computing. One form of protection I’ve recommended is to use multiple browsers and keep them all up to date: an exploit typically targets one specific browser or add-on such as Java or Adobe Flash, so having a second, fully patched browser gives you somewhere safe to go. For advanced PC users, I also recommend downloading and using the Enhanced Mitigation Experience Toolkit (EMET).
Simply put, EMET adds an extra layer of protection that can hold until there’s an official patch for a newly exploited vulnerability. It doesn’t guarantee protection from every vulnerability, but it makes it much harder for a cyber criminal to turn a bug into a working attack on your PC. Microsoft Support article 2458544 explains EMET in detail. Microsoft keeps enhancing EMET and recently released Version 3.5 (Download Center page), which adds four new exploit mitigations aimed at the return-oriented-programming (ROP) tricks attackers use to get around Data Execution Prevention.
If you’re still on Windows XP, there’s a bit of extra work. To use EMET, you must have .NET Framework 2.0 installed. (EMET 3.5’s installation process will prompt you to download and install .NET 2.0 if it isn’t already there.) You can get .NET 2.0 Service Pack 1 from its MS Download Center page.
Windows XP users should also know that EMET is not as effective on that OS as it is on Vista and Windows 7. Windows XP natively lacks several of the exploit mitigations built into the newer systems, such as address space layout randomization (ASLR) and SEHOP, and applications can’t simply opt into them. Installing EMET back-ports some of those security technologies to XP, but not all of them.
For example, EMET adds Structured Exception Handling Overwrite Protection (SEHOP; more info) to Windows XP. First shipped in Windows Vista SP1, SEHOP defends against a common exploit technique: a stack-buffer overflow that overwrites a Structured Exception Handler (SEH) registration record so that, when the attacker then deliberately triggers an exception, Windows calls a handler address of the attacker’s choosing (MS Support article 956607 has the details). SEHOP checks the whole handler chain before dispatching an exception and refuses to run any handler when the chain has been corrupted. An Ethical Hacker blog post showcases an SEH exploit of Yahoo Media Player.
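To make concrete what SEHOP actually checks, here is an added example of my own (illustrative C, not code from this article, from Microsoft, or from the Ethical Hacker post). It models the 32-bit SEH chain as a linked list on a fake thread stack, overwrites the nearest registration record the way a strcpy-style overflow of a local buffer would, and then runs two dispatchers: the old one, which trusts the first record it finds, and a SEHOP-style walk that insists the chain ends at ntdll’s FinalExceptionHandler. The record layout, the two-frame stack, the handler names and the “POP POP RET” gadget stand-in are simplifying assumptions of the model, not Windows internals reproduced exactly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustrative model (not Windows code): the 32-bit SEH chain, a
 * stack overflow that overwrites the nearest record, and the chain walk
 * SEHOP performs before dispatching an exception. Layout is simplified. */

typedef struct seh_record {
    struct seh_record *next;  /* "Next" field of EXCEPTION_REGISTRATION_RECORD */
    void (*handler)(void);    /* "Handler" field */
} seh_record;

#define SEH_CHAIN_END ((seh_record *)(uintptr_t)-1)  /* 0xFFFFFFFF terminator */

/* Handlers that may appear in the chain; only their identity matters here. */
static void final_exception_handler(void) { }  /* stands in for ntdll!FinalExceptionHandler */
static void app_handler(void)             { }  /* the program's own __except block */
static void pop_pop_ret_gadget(void)      { }  /* attacker-chosen "POP POP RET" address */

typedef struct {            /* a function's frame: 32-byte buffer just below its SEH record */
    char       buf[32];
    seh_record reg;
} frame;

typedef struct {            /* the thread stack: vulnerable frame, then ntdll's bottom record */
    frame      f;
    seh_record final;
} thread_stack;

enum { DISPATCH_BLOCKED = 0, DISPATCH_APP_HANDLER = 1, DISPATCH_ATTACKER = 2 };

void install_chain(thread_stack *s) {
    s->final.next    = SEH_CHAIN_END;
    s->final.handler = final_exception_handler;
    s->f.reg.next    = &s->final;
    s->f.reg.handler = app_handler;
}

/* Pre-SEHOP sanity check: the record lies inside this thread's stack and is aligned. */
static int record_in_stack(const thread_stack *s, const seh_record *r) {
    uintptr_t lo = (uintptr_t)s, hi = lo + sizeof *s, p = (uintptr_t)r;
    return p >= lo && p + sizeof *r <= hi && p % sizeof(void *) == 0;
}

/* SEHOP: walk from the head; every record must be a valid stack record and the
 * last one must be FinalExceptionHandler. A Next pointer overwritten with
 * opcode bytes or a gadget address cannot satisfy this, so the walk fails. */
int sehop_chain_is_valid(const thread_stack *s) {
    const seh_record *r = &s->f.reg;
    for (int depth = 0; depth < 64; depth++) {
        if (!record_in_stack(s, r)) return 0;
        if (r->next == SEH_CHAIN_END) return r->handler == final_exception_handler;
        r = r->next;
    }
    return 0;  /* looping or absurdly long chain */
}

/* Which handler runs for a fault in the vulnerable frame, with or without SEHOP. */
int dispatch(const thread_stack *s, int sehop_enabled) {
    const seh_record *r = &s->f.reg;
    if (!record_in_stack(s, r)) return DISPATCH_BLOCKED;
    if (sehop_enabled && !sehop_chain_is_valid(s)) return DISPATCH_BLOCKED;
    if (r->handler == app_handler) return DISPATCH_APP_HANDLER;
    if (r->handler == pop_pop_ret_gadget) return DISPATCH_ATTACKER;
    return DISPATCH_BLOCKED;
}

/* Classic SEH overwrite payload: filler | Next := short-jump bytes | Handler := gadget. */
size_t build_seh_payload(unsigned char *out, size_t cap) {
    const size_t psz = sizeof(void *);
    size_t n = 32 + 2 * psz;            /* fill buf, then the two record fields */
    if (cap < n) return 0;
    memset(out, 'A', 32);
    memset(out + 32, 0x90, psz);        /* NOP padding after the jump */
    out[32] = 0xEB; out[33] = 0x06;     /* JMP +6: hop over the Handler field */
    void (*h)(void) = pop_pop_ret_gadget;
    memcpy(out + 32 + psz, &h, psz);    /* Handler := address of POP POP RET */
    return n;
}

/* strcpy-style overflow of buf: the payload spills from buf into reg.
 * Bounded to the frame size so the model itself stays memory-safe. */
void overflow_frame(thread_stack *s, const unsigned char *payload, size_t n) {
    if (n > sizeof s->f) n = sizeof s->f;
    memcpy(&s->f, payload, n);
}

/* Set up a stack, optionally overflow it, and report the dispatch outcome. */
int scenario(int overflowed, int sehop_enabled) {
    thread_stack s;
    unsigned char payload[64];
    install_chain(&s);
    if (overflowed) overflow_frame(&s, payload, build_seh_payload(payload, sizeof payload));
    return dispatch(&s, sehop_enabled);
}

int main(void) {
    printf("clean chain:    legacy=%d sehop=%d\n", scenario(0, 0), scenario(0, 1));
    printf("after overflow: legacy=%d sehop=%d\n", scenario(1, 0), scenario(1, 1));
    return 0;
}
```

The point of the model is the asymmetry in the last line of output: without SEHOP the corrupted record still passes the old in-stack-and-aligned check, so the attacker’s “handler” runs; with SEHOP the walk never reaches FinalExceptionHandler, so nothing in the chain is called and the process is terminated instead. Real exploits that work around SEHOP must keep the chain intact end to end, which is much harder without an information leak.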