Hackers bypass Microsoft’s EMET exploit blocker to infect Silverlight and Flash apps

Arif Bacchus

Microsoft Campus

A new report out by ComputerWorld is showing that hackers have bypassed Microsoft’s EMET exploit blocker to infect Silverlight and Flash apps.

In a blog post about the issue, the security Firm FireEye also notes that this is the first time that this Angler EK exploit has appeared in the wild, and that this issue was only affected systems running Windows 7. FireEye also notes that the hack uses complex multi-layered code obfuscation and leverages multiple exploits, making it, “one of the more sophisticated exploit kits in use at this time.”

As CompterWorld reports, the Enhanced Mitigation Experience Toolkit (EMET for short) was first released in 2009. EMET was designed to enforce modern exploit mitigation mechanisms for third-party applications that were built without them. Ultimately, this makes it much harder for attackers to exploit vulnerabilities in those programs.

FireEye notes that a robust vulnerability management program for end user systems, which includes the installation of security updates for third party software is a good mitigation for this threat. FireEye also recommends disabling browser plugins for Flash or Silverlight to reduce the risk of attack.