June 27, 2017 – 4:37 PM
The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard.
Microsoft’s EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques—some built in to Windows, some part of EMET itself—to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible.
With Windows 10, however, EMET’s development was essentially cancelled. Although Microsoft made sure the program ran on Windows 10, the company said that EMET was superfluous on its latest operating system. Some protections formerly provided by EMET had been built into the core operating system itself, and Windows 10 offered additional protections far beyond the scope of what EMET could do.
But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues—a few even require applications to be deliberately written with the mitigation in mind—which means that Windows does not simply turn on every mitigation for every application. It’s here that Exploit Guard comes in.
Exploit Guard will be able to control the operating system-wide mitigation capabilities, as well as more individual, tailored protections. For example, with Exploit Guard, certain kinds of macros in Office documents can be blocked, and access to websites known to host lots of malware can be prevented.