locked
A Bug maybe? RRS feed

  • Question

  • I was recently testing out EMET with a third party exploit testing tool and found that if EAF is checked off for an application then EMET's ROP mitigations no longer work for that application, this may possibly be a serious bug in EMET because if EAF is incompatible with a certain application and the user turns EAF off for the application then the "meat" of EMET's protections are gone for the application and the user may be getting a false sense of security, I hope you EMET folks look into the matter sincerely.
    Thursday, September 11, 2014 6:35 PM

All replies

  • I would advice you to (also) post an issue on the Microsoft Connect EMET 5.0 Feedback program (https://connect.microsoft.com/emet/Feedback) or e-mail the  Microsoft's EMET team at emet_feedback@microsoft.com?

    W. Spu

    Thursday, September 11, 2014 8:46 PM
  • i can confirm this as well..
    Friday, September 12, 2014 3:55 PM