An update is available for EMET Certificate Trust default rules
This article describes an update to the Enhanced Mitigation Experience Toolkit. A link to download the update is provided.
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that a malicious hacker must defeat in order to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible.
EMET also includes the Certificate Trust feature. This feature detects Man in the Middle attacks that take advantage of maliciously issued certificates. The Certificate Trust feature lets users configure a set of pinning rules to validate digitally signed certificates (SSL certificates) while browsing. These rules are designed to bind the SSL certificates of specific domains with one or more trusted Root Certificate Authorities (Root CAs) that issued the certificate. When EMET detects that the SSL certificate presented for a configured domain was issued under a Root CA other than the ones bound to that domain, it reports this anomaly as a potential symptom of an ongoing Man in the Middle attack.
For more information about EMET, click the following article number to view the article in the Microsoft Knowledge Base:
2458544 The Enhanced Mitigation Experience Toolkit

EMET’s default configuration includes a list of Certificate Trust rules for the logon services of Microsoft Account, Microsoft Office 365, Skype, and other popular online services such as Twitter, Facebook, and Yahoo!. These default rules can become obsolete over time, as SSL certificates expire. Organizations can decide to issue new SSL certificates for their services by using a Root CA that has not been defined in an EMET configuration.
This page contains the most up-to-date set of rules for EMET’s Certificate Trust feature for the services that are listed earlier. The rules are delivered as an easy-to-install easy fix package that automatically updates Certificate Trust rules.
The easy fix package will update EMET’s Certificate Trust default configuration rules for versions 4.0 and 4.1. EMET must be installed in the default directory (%ProgramFiles(x86)%\EMET 4.0 or %ProgramFiles(x86)%\EMET 4.1). Only the default rules will be updated. Custom rules will be kept "as is."
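The following added example is a simplified Python model of the root-CA pinning check and of the default-rule update described above; it is not EMET's code or rule format. The names `PinRule`, `check` and `apply_default_update`, the domains, and the thumbprints are all constructed for illustration.

```python
# Simplified model of root-CA pinning; not EMET's implementation or rule format.
from dataclasses import dataclass

@dataclass(frozen=True)
class PinRule:
    domain: str               # host name the rule protects (lowercase)
    trusted_roots: frozenset  # thumbprints of Root CAs allowed to anchor the chain
    is_default: bool          # True = shipped default rule, False = custom rule

def check(rules, host, root_thumbprint):
    """Return 'unpinned', 'ok' or 'anomaly' for an observed connection."""
    matching = [r for r in rules if r.domain == host.lower()]
    if not matching:
        return "unpinned"
    roots = frozenset().union(*(r.trusted_roots for r in matching))
    return "ok" if root_thumbprint.upper() in roots else "anomaly"

def apply_default_update(rules, new_defaults):
    """Replace every default rule with the updated set; keep custom rules as is."""
    custom = [r for r in rules if not r.is_default]
    return custom + list(new_defaults)

# Constructed sample data: domains and thumbprints are placeholders.
ROOT_OLD, ROOT_NEW = "A1" * 20, "B2" * 20
ROOT_ROGUE, ROOT_CORP = "C3" * 20, "D4" * 20

installed = [
    PinRule("login.example.com", frozenset({ROOT_OLD}), True),
    PinRule("intranet.example.net", frozenset({ROOT_CORP}), False),
]
updated_defaults = [
    PinRule("login.example.com", frozenset({ROOT_OLD, ROOT_NEW}), True),
]

def demo():
    # The service reissued its certificate under ROOT_NEW: the old rule is obsolete.
    before = check(installed, "login.example.com", ROOT_NEW)
    rules = apply_default_update(installed, updated_defaults)
    return {
        "reissued_before_update": before,
        "reissued_after_update": check(rules, "login.example.com", ROOT_NEW),
        "rogue_root_after_update": check(rules, "login.example.com", ROOT_ROGUE),
        "custom_rule_kept": check(rules, "intranet.example.net", ROOT_CORP),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

An obsolete default rule reports a legitimate reissue as an anomaly until the rule set is refreshed, while a certificate chained to an unlisted root is still reported afterward.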
Here's an easy fix

To download the easy fix solution to update EMET’s Certificate Trust default rules, click the Download button. In the File Download dialog box, click Run or Open, and then follow the steps in the easy fix wizard.
- This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
- If you’re not on the computer that has the problem, save the easy fix solution to a flash drive or a CD, and then run it on the computer that has the problem.
Article ID: 2961016 - Last Review: 10/16/2015 19:04:00 - Revision: 2.0
Enhanced Mitigation Experience Toolkit 4.1