SEI Insights

CERT/CC Blog

Vulnerability Insights

Keep Calm and Deploy EMET

Posted on by in

CVE-2013-1347, the Internet Explorer 8 CGenericElement object use-after-free vulnerability has gotten a lot of press lately because it was used in a "watering hole" attack against several sites.

CERT/CC has obtained a sample of an exploit being used in the wild, and we have verified that Microsoft's EMET tool would have been effective in blocking this specific exploit. The optional EAF mitigation that is available in EMET 3.0 blocks this exploit. By default, EMET 4.0 provides several ROP-specific mitigations that extend the protection beyond the simple EAF restriction.

For ages now, we have been recommending that companies that use Windows deploy EMET because we realize how much of a low-cost but high-reward countermeasure it is. If you haven't started already, it is time to start a plan to deploy EMET 4.0 in your enterprise.

About the Author