search menu icon-carat-right cmu-wordmark

Keep Calm and Deploy EMET

Vijay Sarvepalli

CVE-2013-1347, the Internet Explorer 8 CGenericElement object use-after-free vulnerability has gotten a lot of press lately because it was used in a "watering hole" attack against several sites.

CERT/CC has obtained a sample of an exploit being used in the wild, and we have verified that Microsoft's EMET tool would have been effective in blocking this specific exploit. The optional EAF mitigation that is available in EMET 3.0 blocks this exploit. By default, EMET 4.0 provides several ROP-specific mitigations that extend the protection beyond the simple EAF restriction.

For ages now, we have been recommending that companies that use Windows deploy EMET because we realize how much of a low-cost but high-reward countermeasure it is. If you haven't started already, it is time to start a plan to deploy EMET 4.0 in your enterprise.

Get updates on our latest work.

Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.

Subscribe Get our RSS feed