Number: AV16-034
Date: 23 February 2016
Purpose
The purpose of this advisory is to bring attention to a recent update to Microsoft EMET.
Assessment
CCIRC is aware of a vulnerability in versions of the Microsoft Enhanced Mitigation Experience Toolkit (EMET) prior to 5.5. Exploitation of this vulnerability may allow a remote attacker to bypass or disable EMET and take control of an affected system.
EMET is a project that adds security mitigations to user-mode programs beyond those built into the operating system. It runs inside "protected" programs as a Dynamic Link Library (DLL) and makes various changes to make exploitation more difficult.
Affected Versions:
EMET prior to version 5.5
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
Microsoft EMET
https://technet.microsoft.com/en-us/security/jj653751
FireEye Research
https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html