Exploit Kit Evades EMET Toolkit

Wednesday, June 8, 2016 @ 11:06 AM gHale


Some Angler exploit kit installations can evade the security protections of Microsoft's EMET toolkit on Windows 7, researchers said.

EMET, the Enhanced Mitigation Experience Toolkit, is designed to add an extra layer of security on top of Windows systems.

The toolkit is not a standalone antivirus product because it will not actively look for malware, but it will put up defenses whenever malware tries to exploit vulnerable components.

Until now, security researchers had discovered a few ways to bypass EMET’s defenses, but none had been used in real-world attacks, said researchers at FireEye.

FireEye researchers said the Angler EK is deploying two exploits, one for Flash and one for Silverlight. The two exploits make two calls to those plugins and run their code via a protected memory slot, which allows them to deliver the malicious payload regardless of EMET’s DEP (Data Execution Prevention), EAF (Export Address Table Access Filtering), and EAF+ mitigations.

For this exploit, attackers used Angler to bypass EMET and install the TeslaCrypt ransomware. The exploits worked against EMET 5.5, the latest version.