TechNet Blogs(情報元のブックマーク数)

EMET4.0 betaがリリースとのこと。SSL/TLSの証明書防御が新設されたみたい。

Great news! Today we are proud to announce a beta release of the next version of the Enhanced Mitigation Experience Toolkit (EMET) – EMET 4.0. Download it here:
EMET is a free utility that helps prevent memory corruption vulnerabilities in software from being successfully exploited for code execution. It does so by opt-ing in software to the latest security mitigation techniques. The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an available update has not yet been applied. We encourage you to test out the beta release by downloading and installing it, asking questions about the new features, and reporting any issues you find for us to address before the final release. We plan to officially release EMET 4.0 on May 14, 2013.
The feature set for this new version of the tool was inspired by our desire for EMET to be an effective mitigation layer for a wider variety of potential software exploit scenarios, to provide stronger protections against scenarios where EMET protection already exists, and to have a way to respond to 0day exploits as soon as possible. Here are the highlights of the EMET 4.0 feature set:
EMET 4.0 detects attacks leveraging suspicious SSL/TLS certificates
EMET 4.0 strengthens existing mitigations and blocks known bypasses
EMET 4.0 addresses known application compatibility issues with EMET 3.0
EMET 4.0 enables an Early Warning Program for enterprise customers and for Microsoft
EMET 4.0 allows customers to test mitigations with “Audit Mode”

Introducing EMET v4 Beta – Security Research & Defense