CERT-SEI
CERT/CC Blog

Keep Calm and Deploy EMET

By Jared Allar on 05/08/2013 | Permalink

CVE-2013-1347, the Internet Explorer 8 CGenericElement object use-after-free vulnerability has gotten a lot of press lately because it was used in a "watering hole" attack against several sites.

CERT/CC has obtained a sample of an exploit being used in the wild, and we have verified that Microsoft's EMET tool would have been effective in blocking this specific exploit. The optional EAF mitigation that is available in EMET 3.0 blocks this exploit. By default, EMET 4.0 provides several ROP-specific mitigations that extend the protection beyond the simple EAF restriction.

For ages now, we have been recommending that companies that use Windows deploy EMET  because we realize how much of a low-cost but high-reward countermeasure it is. If you haven't started already, it is time to start a plan to deploy EMET 4.0 in your enterprise.

Topics: Vulnerability Analysis , Vulnerability Discovery