Companies should not rely on EMET to delay patching frequently attacked programs Credit: Thinkstock It’s bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits.Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus (EAF+). The exploits have been recently added to the Angler exploit kit.Angler is one of the most widely used attack tools used by cybercriminals to launch Web-based, “drive-by” download attacks. It is capable of installing malware by exploiting vulnerabilities in users’ browsers or browser plug-ins when they visit compromised websites or view maliciously crafted ads.“The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion,” the FireEye researchers said Monday in a blog post. First released in 2009, EMET can enforce modern exploit mitigation mechanisms for third-party applications — especially legacy ones — that were built without them. This makes it much harder for attackers to exploit vulnerabilities in those programs in order to compromise computers.While EMET is often recommended as a defense layer for zero-day exploits — exploits for previously unknown vulnerabilities — it also gives companies some leeway when it comes to how fast they patch known flaws. In corporate environments, the deployment of patching does not happen automatically. Patches for the OS or stand-alone programs need to be prioritized, tested and only then pushed to computers, a process that can substantially delay their installation.With widespread exploits now able to evade EMET mitigations, the tool should no longer be relied on to protect old versions of applications like Flash Player, Adobe Reader, Silverlight or Java until a company can update them.Unfortunately, organizations are sometimes forced to keep old versions of browser plug-ins and other applications installed on endpoint computers in order to maintain compatibility with custom-made internal Web applications that haven’t been rewritten in years.“Applications such as Adobe Flash, web browsers, and Oracle Java should be patched routinely, prioritizing critical patches, or removed if possible,” the FireEye researchers said. “Because the Web browser plays an important role in the infection process, disabling browser plugins for Flash or Silverlight may also reduce the browser attack surface.” Related content brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe