Enhanced Mitigation Experience Toolkits (EMET) are known to provide both application and system protection in Windows by looking inside the operating system and searching for security exploits. According to Microsoft, it also helps “protect against new and undiscovered threats even before they are formally addressed through security updates or antimalware software.” While a EMET toolkit is available as a separate download, reports show Microsoft is apparently planning to build EMET security tools into the Windows 10 Fall Creators Update.
Well well well.. look who built-in EMET into the kernel of Windows 10 RS3 (Fall Creator's Update). Thanks to @epakskape for the hint. pic.twitter.com/RhxZiYHFAW
— Alex Ionescu (@aionescu) June 18, 2017
Fueling the report is a tweet from Alex Ionescu, who describes himself as a “Windows Internals Expert, Security Ninja, and Embedded ARM Kernel Guru.” Ionescu provides a screenshot in his tweet, showing that EMET is built into the kernel of the Windows 10 Fall Creators Update. Interestingly, two security researchers from Microsoft’s Research team also picked up and retweeted the tweet, perhaps further suggesting that the feature is indeed coming to RS3.
Though it seems a bit technical, here is a bit more on EMET, as detailed by Microsoft. Microsoft’s EMET toolkit works on Windows 10 , Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Vista.
The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.
It’s not exactly clear which build Alex Ionescu was running, but we reached out to him for a comment. As the WannaCrypt attacks showed, we live in a time when cyber attacks, malware, adware, and security exploits are ever so more common. While not official, it is still fitting to hear that Microsoft is perhaps making moves to make Windows 10 more secure. We will be keeping an eye on this, so be sure to stay tuned for more.
Update: We received a response back from Alex Ionescu. He tells us that the mentioned changes are new to build 16125.