One of the many headaches that security administrators face is having to ensure that mission-critical applications, and the systems they run on, are secure from threats.

Sometimes, the difference between staying safe and losing corporate data may be a matter of having a built-in, security mitigation feature disabled by mistake or by default.

Microsoft (NASDAQ: MSFT) officials announced that the Enhanced Mitigation Experience Toolkit (EMET) 2.0, which is free, is now available for download.


EMET is designed to let administrators "harden" critical applications and systems by setting various parameters that "mitigate" potential security vulnerabilities. Many of these are settings that can be selected manually, and EMET aims to simplify that work.

"For those who may be unfamiliar with the tool, EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications," Microsoft said Thursday in a blog post. "This helps prevent vulnerabilities in those applications (especially line of business and third-party apps) from successfully being exploited."

Microsoft shipped the first version of EMET in October 2009. It initially provided support for four mitigations, including Dynamic Data Execution Prevention, which guards against executable code running in memory space that could be used to compromise the computer.

Version one also supported Structured Exception Handling, Null page allocation, and Heap spray allocation mitigations, Microsoft said at the time.

EMET 2 adds support for two more mitigations, including Export Address Table Access Filtering and Mandatory Address Space Layout Randomization (ASLR), which moves information around in memory randomly so that an exploit program can't hook a predictable location to begin an attack.

The update comes at a good time.

In April, Microsoft warned that PC infections reached epidemic proportions and are on the rise.

Microsoft officials point to how mitigations can at least lessen the impact of many types of attacks.

"During the Aurora outbreak in January 2010, Data Execution Prevention and Address Space Layout Randomization (two types of mitigation technologies) played an important [role] in blocking known attacks," Microsoft said in late July.

"Operation Aurora" was the name given to the widespread hack attacks against Google (NASDAQ: GOOG) and other U.S. companies revealed in January and believed to have emanated from China.

"By deploying these mitigation technologies on legacy products, the tool can also help customers manage risk while they are in the process of transitioning over to modern, more secure products," Microsoft said Thursday. "In addition, it makes it easy for customers to test mitigations against any software and provide feedback on their experience to the vendor."

The free download, which also sports an updated user interface, as well as a detailed user guide and a training video, is available for download here.

Stuart J. Johnston is a contributing writer at InternetNews.com, the news service of Internet.com, the network for technology professionals. Follow him on Twitter @stuartj1000.

Follow eSecurityPlanet on Twitter @eSecurityP.