June 6, 2016
FireEye security researchers say they’ve found Angler exploit kit installations capable of evading some of the security protections provided by the Microsoft EMET toolkit on Windows 7.
EMET stands for Enhanced Mitigation Experience Toolkit, a lesser-known security product from Microsoft designed to add an extra layer of security on top of Windows systems.
The toolkit is not a standalone antivirus product because it will not actively look for malware, but it will put up serious defenses whenever malware tries to exploit vulnerable components.
Until now, security researchers have discovered a few ways to bypass EMET’s defenses, but none have been used in real-world attacks.
According to FireEye, in the past weeks the company has come across a few Angler exploit kit installations that can bypass EMET’s protections on Windows 7.
Researchers claim that the Angler EK is deploying two exploits, one for Flash and one for Silverlight. These two exploits make two calls to the aforementioned plugins and run their code via a protected memory slot that allows them to deliver the malicious payload regardless of EMET’s DEP (Data Execution Prevention), EAF (Export Address Table Access