Xanda's Blog !~!

Microsoft Announcing the Release of the Enhanced Mitigation Evaluation Toolkit (EMET)

Oct
28

Even as you read this, people around the world are hunting for vulnerabilities in software applications.  Odds are some of them will be successful.  Depending on their motives and what they find, your software and systems may be put at risk.  So how do you protect your software from unknown vulnerabilities that may or may not exist?  One option is to use security mitigations.

Microsoft offers a number of different mitigation technologies that are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software.  Take a look at Michael Howard’s article “Protecting Your Code with Visual C++ Defenses” (http://msdn.microsoft.com/en-us/magazine/cc337897.aspx) for a brief overview of some of these technologies.

Supported mitigations include:

  • SEHOP
  • Dynamic DEP
  • NULL page allocation
  • Heap spray allocation

[Read more: HERE]