Microsoft last week announced that it would support the Enterprise Mitigation Experience Toolkit (EMET) through July 2018, a year-and-a-half extension for the anti-exploit utility.
At the same time, the Redmond, Wash. company dismissed EMET as a behind-the-times tool, and again urged customers to upgrade to Windows 10, arguing that the new operating system is much more secure than previous editions when supplemented by EMET.
“EMET hasn’t kept pace,” wrote Jeffrey Sutherland, a Microsoft principal program manager lead, in a post to a company blog Nov. 3. “Its effectiveness against modern exploit kits has not been demonstrated, especially in comparison to the many security innovations built into Windows 10.”
EMET has served multiple masters since its 2009 debut.
Although it was originally designed for enterprises and advanced Windows users, Microsoft quickly began recommending EMET to other customers when ongoing attacks were discovered, but patches had not yet been issued.
Outsiders concurred. In 2014, Belgian security researcher Peter Van Eeckhoutte, who had reported a vulnerability in Internet Explorer 8 to Hewlett-Packard’s Zero Day Initiative bug bounty program, said, “It should be clear by now that installing EMET has become an important layer of defense on your Windows endpoints. EMET won’t stop every single exploit, but it does increase the cost (for an attacker) to pwn [pawn, or hack] a box. If you’re serious about security, install it.”
EMET was most valuable to Windows XP users during the last five years of its support lifecycle, and to the more secure — but inevitably targeted — Windows 7, which remains the most popular OS on the planet.
With Windows XP retired and Windows 7 facing the same in January 2020, Microsoft clearly saw EMET as superfluous: Sutherland highlighted the tool’s shortcomings, rather than tout its effectiveness. “EMET has serious limits as well — precisely because it is not an integrated part of the operating system,” Sutherland wrote. “Not surprisingly, one can find well-publicized, often trivial bypasses, readily available online to circumvent EMET.”
Those comments were harsher than anything Microsoft has said about EMET in the past. As recently as October 2015, for example, Microsoft posted a nine-item list of benefits, leading off with, “EMET helps protect against new and undiscovered threats even before they are formally addressed through security updates or anti-malware software.”
Disparaging their older software — even when they had previously sung praises of that software — and trumpeting the newest is a common ploy by developers pushing customers to upgrade.
Microsoft will support EMET 5.5x — the only version now supported — until July 31, 2018, Sutherland said.