Summary
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. For more information about EMET, click the following article number to view the article in the Microsoft Knowledge Base:
2458544 The Enhanced Mitigation Experience Toolkit When EMET mitigations are applied to certain software or certain kinds of software, compatibility issues may occur because the protected software behaves similarly to how an exploit would behave. This article describes the kind of software that usually presents compatibility issues with EMET’s mitigations and a list of products that exhibited compatibility issues with one or more of the mitigations that are offered by EMET.
More Information
Generic guidelines
EMET mitigations work at a very low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they are configured to be protected by using EMET. The following is a list of the kinds of software that should not be protected by using EMET:
-
Anti-malware and intrusion prevention or detection software
-
Debuggers
-
Software that handles digital rights management (DRM) technologies (that is, video games)
-
Software that use anti-debugging, obfuscation, or hooking technologies
Certain host-based intrusion prevention system (HIPS) applications may provide protections that resemble those of EMET. When these applications are installed on a system together with EMET, additional configuration may be required to enable the two products to coexist.
Additionally, EMET is intended to work together with desktop applications, and you should protect only those applications that receive or handle untrusted data. System and network services are also out-of-scope for EMET. Although it is technically possible to protect these services by using EMET, we do not advise you to do this.
Application compatibility list
The following is a list of specific products that have compatibility issues in regards to the mitigations that are offered by EMET. You must disable specific incompatible mitigations if you want to protect the product by using EMET. Be aware that this list takes into consideration the default settings for the latest version of the product. Compatibility issues may be introduced when you apply certain add-ins or additional components to the standard software.
Incompatible mitigations
|
Product |
EMET 4.1 Update 1 |
EMET 5.2 |
EMET 5.5 and newer |
|---|---|---|---|
|
.NET 2.0/3.5 |
Export Address Filtering (EAF)/Import Address Filtering (IAF) |
EAF/IAF |
EAF/IAF |
|
7-Zip Console/GUI/File Manager |
(EAF) |
EAF |
EAF |
|
AMD 62xx processors |
EAF |
EAF |
EAF |
|
Beyond Trust Power Broker |
Not applicable |
EAF, EAF+, Stack Pivot |
EAF, EAF+, Stack Pivot |
|
Certain AMD/ATI video drivers |
System ASLR=AlwaysOn |
System ASLR=AlwaysOn |
System ASLR=AlwaysOn |
|
DropBox |
EAF |
EAF |
EAF |
|
Excel Power Query, Power View, Power Map and PowerPivot |
EAF |
EAF |
EAF |
|
Google Chrome |
SEHOP* |
SEHOP* |
SEHOP*, EAF+ |
|
Google Talk |
DEP, SEHOP* |
DEP, SEHOP* |
DEP, SEHOP* |
|
Immidio Flex+ |
Not applicable |
EAF |
EAF |
|
McAfee HDLP |
EAF |
EAF |
EAF |
|
Microsoft Office Web Components (OWC) |
System DEP=AlwaysOn |
System DEP=AlwaysOn |
System DEP=AlwaysOn |
|
Microsoft PowerPoint |
EAF |
EAF |
EAF |
|
Microsoft Teams |
SEHOP* |
SEHOP* |
SEHOP*, EAF+ |
|
Microsoft Word |
Heapspray |
Not applicable |
Not applicable |
|
Oracle Javaǂ |
Heapspray |
Heapspray |
Heapspray |
|
Pitney Bowes Print Audit 6 |
SimExecFlow |
SimExecFlow |
SimExecFlow |
|
Siebel CRM version is 8.1.1.9 |
SEHOP |
SEHOP |
SEHOP |
|
Skype |
EAF |
EAF |
EAF |
|
SolarWinds Syslogd Manager |
EAF |
EAF |
EAF |
|
VLC Player 2.1.3+ |
SimExecFlow |
Not applicable |
Not applicable |
|
Windows Media Player |
MandatoryASLR, EAF, SEHOP* |
MandatoryASLR, EAF, SEHOP* |
MandatoryASLR, EAF, SEHOP* |
|
Windows Photo Gallery |
Caller |
Not applicable |
Not applicable |
* Only in Windows Vista and earlier versions
Ç‚ EMET mitigations might be incompatible with Oracle Java when they are run by using settings that reserve a large chunk of memory for the virtual machine (that is, by using the -Xms option).
Frequently asked questions
Q: What are the exploits for which CVEs have been blocked by EMET?
A: The following is a partial list of the CVEs for which the known exploits are successfully blocked by EMET at the time of discovery:
|
CVE number |
Product family |
|---|---|
|
CVE-2004-0210 |
Windows |
|
CVE-2006-2492 |
Office |
|
CVE-2006-3590 |
Office |
|
CVE-2007-5659 |
Adobe Reader, Adobe Acrobat |
|
CVE-2008-4841 |
Office |
|
CVE-2009-0927 |
Adobe Reader, Adobe Acrobat |
|
CVE-2009-4324 |
Adobe Reader, Adobe Acrobat |
|
CVE-2010-0188 |
Adobe Reader, Adobe Acrobat |
|
CVE-2010-0806 |
Internet Explorer |
|
CVE-2010-1297 |
Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat |
|
CVE-2010-2572 |
Office |
|
CVE-2010-2883 |
Adobe Reader, Adobe Acrobat |
|
CVE-2010-3333 |
Office |
|
CVE-2010-3654 |
Adobe Flash Player |
|
CVE-2011-0097 |
Office |
|
CVE-2011-0101 |
Office |
|
CVE-2011-0611 |
Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat |
|
CVE-2011-1269 |
Office |
|
CVE-2012-0158 |
Office, SQL Server, Commerce Server, Visual FoxPro, Visual Basic |
|
CVE-2012-0779 |
Adobe Flash Player |
|
CVE-2013-0640 |
Adobe Reader, Adobe Acrobat |
|
CVE-2013-1331 |
Office |
|
CVE-2013-1347 |
Internet Explorer |
|
CVE-2013-3893 |
Internet Explorer |
|
CVE-2013-3897 |
Internet Explorer |
|
CVE-2013-3906 |
Windows, Office |
|
CVE-2013-3918 |
Windows |
|
CVE-2013-5065 |
Windows |
|
CVE-2013-5330 |
Adobe Flash Player, Adobe AIR |
|
CVE-2014-0322 |
Internet Explorer |
|
CVE-2014-0497 |
Adobe Flash Player |
|
CVE-2014-1761 |
Office, SharePoint |
|
CVE-2014-1776 |
Internet Explorer |
|
CVE-2015-0313 |
Adobe Flash Player |
|
CVE-2015-1815 |
Internet Explorer |
Q: How do I uninstall Microsoft EMET 5.1 by using an MSIEXEC command or a registry command?
A: See the references in the following TechNet topic:
Msiexec (command-line options)
Q: How do I disable Watson Error Reporting (WER)?
A: See the references in the following Windows and Windows Server articles:
WER Settings
Windows Error Reporting
Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
