Microsoft EMET

[Ryan Behan]

Interesting security feature update released by Microsoft. Have any
of you put EMET in production?

http://blogs.technet.com/b/srd/archive/2010/07/21/announcing-the-upcoming-release-of-emet-v2.aspx

Link to a video presentation.

http://ecn.channel9.msdn.com/o9/edge/9900/29900/emetoverview72010_edge.wmv

Hope you are all enjoying summer. We will be sending out a letter
regarding the next OWASP LI chapter meeting soon, hope to see you
there.

Best Regards,
Ryan

[Dan Guido]

I've been using EMET on my personal computers since it came out in
October 2009 but I haven't seen it or convinced anyone to put it in
production anywhere yet.

The only app I've had compatibility problems with was Adobe Reader, it
seems to break the printing functionality. Adobe Reader is easy enough
to configure with reduced functionality and other mitigations that I
feel safe enough when I have to use it, as opposed to an alternative
PDF reader.

--
Dan Guido

[Dan Guido]

EMET 2 is supposed to have added some new ways to manage it. They
haven't released the installer or the docs to look at yet, but the
video includes some some screenshots that show the new GUI. I'm not
sure how well it integrates with AD, if at all.

--
Dan Guido

On Mon, Aug 2, 2010 at 11:31 AM, Erik C <eri...@yahoo.com> wrote:
> As with DEP when SP2 came out, MS made a great thing and didn't provide a way to manage it in an enterprise environment (via AD would be nice). I'd love to try EMET out in a corporate environment but how am I going to keep track of what things are EMETized on which machines? I'd have to keep my own DB of all that data and actually run EMET via psexec or similar on all the machines I want to run it on.
>
> Chris' point is a good one regarding the static addresses, EMET 2.0 has Mandatory ASLR so maybe that stops that problem. I'll write the lead dev and ask him if that is fixed in 2.0.
>
> Take care,
>
> -Erik-
>
> --- On Mon, 8/2/10, Dan Guido <dgu...@gmail.com> wrote: