Exploit Kit Evades EMET Toolkit
Wednesday, June 8, 2016 @ 11:06 AM gHale
There are Angler exploit kit installations capable of evading security protections from Microsoft EMET toolkit on Windows 7, researchers said.
EMET is the Enhanced Mitigation Experience Toolkit designed to add an extra layer of security on top of Windows systems.
The toolkit is not a standalone antivirus product because it will not actively look for malware, but it will put up defenses whenever malware tries to exploit vulnerable components.
Until now, security researchers have discovered a few ways to bypass EMET’s defenses, but none have been used in real-world attacks, said researchers at FireEye.
FireEye researchers said the Angler EK is deploying two exploits, one for Flash and one for Silverlight. These two exploits make two calls to the aforementioned plugins and run their code via a protected memory slot that allows them to deliver the malicious payload regardless of EMET’s DEP (Data Execution Mitigation), EAF (Export Address Table Access Filtering), and EAF+ mitigations.
For this exploit, attackers used Angler to bypass EMET and install the TeslaCrypt ransomware. These exploits worked on EMET’s latest 5.5 version.