Summary

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. For more information about EMET, click the following article number to view the article in the Microsoft Knowledge Base:

2458544 The Enhanced Mitigation Experience Toolkit When EMET mitigations are applied to certain software or certain kinds of software, compatibility issues may occur because the protected software behaves similarly to how an exploit would behave. This article describes the kind of software that usually presents compatibility issues with EMET’s mitigations and a list of products that exhibited compatibility issues with one or more of the mitigations that are offered by EMET.

More Information

Generic guidelines

EMET mitigations work at a very low level in the operating system, and some kinds of software that perform similar low-level operations might have compatibility issues when they are configured to be protected by using EMET. The following is a list of the kinds of software that should not be protected by using EMET:

  • Anti-malware and intrusion prevention or detection software

  • Debuggers

  • Software that handles digital rights management (DRM) technologies (that is, video games)

  • Software that use anti-debugging, obfuscation, or hooking technologies

Certain host-based intrusion prevention system (HIPS) applications may provide protections that resemble those of EMET. When these applications are installed on a system together with EMET, additional configuration may be required to enable the two products to coexist.

Additionally, EMET is intended to work together with desktop applications, and you should protect only those applications that receive or handle untrusted data. System and network services are also out-of-scope for EMET. Although it is technically possible to protect these services by using EMET, we do not advise you to do this.

Application compatibility list

The following is a list of specific products that have compatibility issues in regards to the mitigations that are offered by EMET. You must disable specific incompatible mitigations if you want to protect the product by using EMET. Be aware that this list takes into consideration the default settings for the latest version of the product. Compatibility issues may be introduced when you apply certain add-ins or additional components to the standard software.

Incompatible mitigations

Product

EMET 4.1 Update 1

EMET 5.2

EMET 5.5 and newer

.NET 2.0/3.5

Export Address Filtering (EAF)/Import Address Filtering (IAF)

EAF/IAF

EAF/IAF

7-Zip Console/GUI/File Manager

(EAF)

EAF

EAF

AMD 62xx processors

EAF

EAF

EAF

Beyond Trust Power Broker

Not applicable

EAF, EAF+, Stack Pivot

EAF, EAF+, Stack Pivot

Certain AMD/ATI video drivers

System ASLR=AlwaysOn

System ASLR=AlwaysOn

System ASLR=AlwaysOn

DropBox

EAF

EAF

EAF

Excel Power Query, Power View, Power Map and PowerPivot

EAF

EAF

EAF

Google Chrome

SEHOP*

SEHOP*

SEHOP*, EAF+

Google Talk

DEP, SEHOP*

DEP, SEHOP*

DEP, SEHOP*

Immidio Flex+

Not applicable

EAF

EAF

McAfee HDLP

EAF

EAF

EAF

Microsoft Office Web Components (OWC)

System DEP=AlwaysOn

System DEP=AlwaysOn

System DEP=AlwaysOn

Microsoft PowerPoint

EAF

EAF

EAF

Microsoft Teams

SEHOP*

SEHOP*

SEHOP*, EAF+

Microsoft Word

Heapspray

Not applicable

Not applicable

Oracle Javaǂ

Heapspray

Heapspray

Heapspray

Pitney Bowes Print Audit 6

SimExecFlow

SimExecFlow

SimExecFlow

Siebel CRM version is 8.1.1.9

SEHOP

SEHOP

SEHOP

Skype

EAF

EAF

EAF

SolarWinds Syslogd Manager

EAF

EAF

EAF

VLC Player 2.1.3+

SimExecFlow

Not applicable

Not applicable

Windows Media Player

MandatoryASLR, EAF, SEHOP*

MandatoryASLR, EAF, SEHOP*

MandatoryASLR, EAF, SEHOP*

Windows Photo Gallery

Caller

Not applicable

Not applicable



* Only in Windows Vista and earlier versions

ǂ EMET mitigations might be incompatible with Oracle Java when they are run by using settings that reserve a large chunk of memory for the virtual machine (that is, by using the -Xms option).

Frequently asked questions

Q: What are the exploits for which CVEs have been blocked by EMET?

A: The following is a partial list of the CVEs for which the known exploits are successfully blocked by EMET at the time of discovery:

CVE number

Product family

CVE-2004-0210

Windows

CVE-2006-2492

Office

CVE-2006-3590

Office

CVE-2007-5659

Adobe Reader, Adobe Acrobat

CVE-2008-4841

Office

CVE-2009-0927

Adobe Reader, Adobe Acrobat

CVE-2009-4324

Adobe Reader, Adobe Acrobat

CVE-2010-0188

Adobe Reader, Adobe Acrobat

CVE-2010-0806

Internet Explorer

CVE-2010-1297

Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat

CVE-2010-2572

Office

CVE-2010-2883

Adobe Reader, Adobe Acrobat

CVE-2010-3333

Office

CVE-2010-3654

Adobe Flash Player

CVE-2011-0097

Office

CVE-2011-0101

Office

CVE-2011-0611

Adobe Flash Player, Adobe AIR, Adobe Reader, Adobe Acrobat

CVE-2011-1269

Office

CVE-2012-0158

Office, SQL Server, Commerce Server, Visual FoxPro, Visual Basic

CVE-2012-0779

Adobe Flash Player

CVE-2013-0640

Adobe Reader, Adobe Acrobat

CVE-2013-1331

Office

CVE-2013-1347

Internet Explorer

CVE-2013-3893

Internet Explorer

CVE-2013-3897

Internet Explorer

CVE-2013-3906

Windows, Office

CVE-2013-3918

Windows

CVE-2013-5065

Windows

CVE-2013-5330

Adobe Flash Player, Adobe AIR

CVE-2014-0322

Internet Explorer

CVE-2014-0497

Adobe Flash Player

CVE-2014-1761

Office, SharePoint

CVE-2014-1776

Internet Explorer

CVE-2015-0313

Adobe Flash Player

CVE-2015-1815

Internet Explorer



Q: How do I uninstall Microsoft EMET 5.1 by using an MSIEXEC command or a registry command?

A: See the references in the following TechNet topic:

Msiexec (command-line options) Q: How do I disable Watson Error Reporting (WER)?

A: See the references in the following Windows and Windows Server articles:

WER Settings

Windows Error Reporting

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Any additional feedback? (Optional)

Thank you for your feedback!

×