Reference: CERT-EU Security Advisory 2016-116

Title: Vulnerability in Microsoft Enhanced Mitigation Experience Toolkit (EMET)

Version history:
24/02/2016 Initial publication.

Summary:
========
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. [1]

If an attacker can bypass EMET with significantly less work, then it defeats EMET's purpose of increasing the cost of exploit development. Such a vulnerability has been detected in Microsoft Enhanced Mitigation Experience Toolkit (EMET) versions prior to 5.5.

A portion of code within EMET is responsible for unloading EMET. This code systematically disables EMET's protections and returns the program to its previously unprotected state. One simply needs to locate and call this function to completely disable EMET. For more details see [2].

Exploitation of this vulnerability may allow a remote attacker to bypass or disable EMET to take control of an affected system.

Affected Versions:
==================
Windows versions listed below, using EMET versions prior to 5.5:

Windows 8.1
Windows Server 2012 R2
Windows Server 2012
Windows 7 Service Pack 1
Windows Server 2008 R2 Service Pack 1
Windows Server 2008 Service Pack 2
Windows Vista Service Pack 2

Recommendations:
================
Users and administrators should visit the Microsoft Security TechCenter and upgrade to EMET version 5.5 [3]. For additional information, please review the FireEye threat research blog [2].
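To find hosts that still need the upgrade recommended above, the following PowerShell check flags EMET installs older than 5.5. It is an added example, not part of the CERT-EU advisory or Microsoft's tooling, and it assumes EMET registers a standard Windows uninstall entry whose DisplayName starts with "EMET" or contains the full product name; the function name Get-EmetInstallStatus is hypothetical.

```powershell
# Added example: report installed EMET versions and flag those prior to 5.5.
# Assumption: the EMET installer writes a standard uninstall entry with
# DisplayName / DisplayVersion values. Written to run on PowerShell 2.0+.
$FixedVersion = [version]'5.5'
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-EmetInstallStatus {
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^EMET\b|Enhanced Mitigation Experience Toolkit' } |
        ForEach-Object {
            # DisplayVersion may be missing or not parseable as a version.
            $parsed = $null
            try { $parsed = [version]$_.DisplayVersion } catch { $parsed = $null }

            if ($parsed -eq $null) {
                $status = 'UNKNOWN'          # check this host by hand
            } elseif ($parsed -lt $FixedVersion) {
                $status = 'VULNERABLE'       # prior to 5.5: upgrade required
            } else {
                $status = 'OK'
            }

            New-Object PSObject -Property @{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

$results = @(Get-EmetInstallStatus)
if ($results.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: no EMET uninstall entry found"
} else {
    $results | Select-Object Computer, Name, Version, Status | Format-Table -AutoSize
}
```

A host reported as UNKNOWN has an EMET entry whose version string could not be parsed and should be verified manually.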

References:
===========
[1] https://support.microsoft.com/en-us/kb/2458544
[2] https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html
[3] https://technet.microsoft.com/en-us/security/jj653751

Best Regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html