none
EMET 5.2 Breaks Internet Explorer 11

    General discussion

  • Using Windows 8.1 with Internet Explorer 11, EMET 5.2 causes Internet Explorer to crash just by navigating to a website.  I'm using 'Recommended Security' settings in EMET, with the default 'Popular Software' protection profile.

    1) Open Internet Explorer
    2) Either go to a website such as http://www.amazon.co.uk/ or alternatively just open IE and wait for 30 seconds without doing anything
    3) Browser crashes and says 'Internet Explorer has stopped working'
    4) Error reporting shows the following:

    Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91
    Faulting module name: EMET64.dll, version: 5.2.0.0, time stamp: 0x54ff88ee
    Exception code: 0xc0000005
    Fault offset: 0x0000000000048417
    Faulting process ID: 0xf3c
    Faulting application start time: 0x01d05d8898f1fd96
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Report ID: e8b7058f-c97b-11e4-82a7-0019d16e4234
    Faulting package full name:
    Faulting package-relative application ID:

    5) Disabling ALL mitigations for Internet Explorer in the EMET 'Applications List' doesn't solve the issue.  Internet Explorer has to be completely removed from the EMET 'Applications List' in order to prevent it from crashing.

    6) Problem occurs regardless of whether Internet Explorer is running in 'Enable Enhanced Protected Mode' with 'Enable 64-bit processes for Enhanced Protected Mode' or not.

    7) Needed to uninstall EMET 5.2 and go back to 5.1

    Friday, March 13, 2015 1:12 PM

All replies

  • Same problem, had to go back to 5.1
    Friday, March 13, 2015 1:51 PM
  • Same problem, had to go back to 5.1

    Agreed, another Windows 8.1 IE 11 that is unusable with EMET 5.2.  Tried unchecking EAF+ and ASLR which were culprits in the past but total fail.  Uninstalled back to 5.1.  Sometimes wonder if they check what is released.

    Delrel


    • Edited by Delrel Friday, March 13, 2015 1:59 PM
    Friday, March 13, 2015 1:58 PM
  • The faulting check is the CERTIFICATE PINNING check. Disable that and you'll be okay.

    This feedback has been provided to the emet_feedback@Microsoft.com alias.

    Friday, March 13, 2015 5:02 PM
  • Unfortunately I want the certificate checks for various websites, so I'll be staying with 5.1.
    Friday, March 13, 2015 5:11 PM
  • ... Sometimes wonder if they check what is released

    +1
    Friday, March 13, 2015 5:28 PM
  • It's a shame that MS's own "mitigation toolkit" breaks its own, most popular browser. This leads me to believe that there is no QC whatsoever at MS, or they are paying high salary for a bunch of stupid incompetent employees. How low can you go, MS?

     

    PS. I am typing this post from my Ubuntu 14.04.2 laptop. 

    Saturday, March 14, 2015 2:25 PM
  • Using Windows 8.1 with Internet Explorer 11, EMET 5.2 causes Internet Explorer to crash just by navigating to a website.  I'm using 'Recommended Security' settings in EMET, with the default 'Popular Software' protection profile.

    1) Open Internet Explorer
    2) Either go to a website such as http://www.amazon.co.uk/ or alternatively just open IE and wait for 30 seconds without doing anything
    3) Browser crashes and says 'Internet Explorer has stopped working'
    4) Error reporting shows the following:

    Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91
    Faulting module name: EMET64.dll, version: 5.2.0.0, time stamp: 0x54ff88ee
    Exception code: 0xc0000005
    Fault offset: 0x0000000000048417
    Faulting process ID: 0xf3c
    Faulting application start time: 0x01d05d8898f1fd96
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Report ID: e8b7058f-c97b-11e4-82a7-0019d16e4234
    Faulting package full name:
    Faulting package-relative application ID:

    5) Disabling ALL mitigations for Internet Explorer in the EMET 'Applications List' doesn't solve the issue.  Internet Explorer has to be completely removed from the EMET 'Applications List' in order to prevent it from crashing.

    6) Problem occurs regardless of whether Internet Explorer is running in 'Enable Enhanced Protected Mode' with 'Enable 64-bit processes for Enhanced Protected Mode' or not.

    7) Needed to uninstall EMET 5.2 and go back to 5.1

    In my case, as soon as I open IE, it crashes almost immediately. Deeply disappointed at MS now. First, there had happened a few times last year that Windows Update bricked the entire OS, for at least two times. Now it's this shxt. It's truly a disgrace. With EVERY Windows update, the size of the OS increases by at least 2 GB each month. For my OS drive (120GB SSD) it's quite significant. I DON'T UNDERSTAND why the fxxk MS would push out such huge Windows Update every single month. To me, it's another evidence how incompetent programmers at MS become. They have to heavily patch the holes in the OS every 30 DAYS, otherwise the OS will be taken advantage of by hackers. What a pathetic situation for MS. 

    I already decide to switch to Ubuntu and WPS Office Suite. I am typing this post on my Ubuntu 14.04.2 laptop. Bye-bye MS.


    • Edited by oliverjia Saturday, March 14, 2015 2:40 PM
    Saturday, March 14, 2015 2:34 PM
  • The faulting check is the CERTIFICATE PINNING check. Disable that and you'll be okay.

    This feedback has been provided to the alias.

    Thanks for the info.

    So you have to disable some built-in security features of the browser in order to use this "mitigation toolkit"? LOL sounds like a joke to me. This is a non-solution to me.

    Saturday, March 14, 2015 2:44 PM
  • Same for me. I install EMET 5.2 last night, and IE11 just crash.
    Saturday, March 14, 2015 3:06 PM
  • Same here. I thought this is caused by my router's config page, but I tried to visit amazon and crashed there as well.
    Saturday, March 14, 2015 4:46 PM
  • So you have to disable some built-in security features of the browser in order to use this "mitigation toolkit"? LOL sounds like a joke to me. This is a non-solution to me.

    No, certificate pinning is an EMET feature, it's actually called 'Certificate Trust (pinning)' in the EMET settings.
    Monday, March 16, 2015 12:45 AM
  • EMET 5.2 works flawlessly like EMET 5.1 has running Internet Explorer 11 Protected Mode: Enabled on Windows 7.

    All default settings in EMET enabled.

    Monday, March 16, 2015 3:34 AM
  • Windows 8.1 Enterprise Evaluation ("Windows Update" all patches installed)

    EMET Version 5.2.5546.19547, "Maximum security settings"

    IE version - 11.0.9600.17690, Update Versions: 11.0.17 (KB3032359)

    APPCRASH :(

    ---

    - System
    
      - Provider
    
       [ Name]  Application Error
    
      - EventID 1000
    
       [ Qualifiers]  0
    
       Level 2
    
       Task 100
    
       Keywords 0x80000000000000
    
      - TimeCreated
    
       [ SystemTime]  2015-03-16T03:35:14.000000000Z
    
       EventRecordID 944
    
       Channel Application
    
       Computer test-pc
    
       Security
    
    
    - EventData
    
       IEXPLORE.EXE
       11.0.9600.17416
       5452eed9
       EMET.DLL
       5.2.0.0
       54ff88bd
       c0000005
       00028caf
       470
       01d05f9a33c18464
       C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
       C:\Windows\AppPatch\EMET.DLL
       7491dfec-cb8d-11e4-825e-000c294e3f81 

    ---

    - System
    
      - Provider
    
       [ Name]  Windows Error Reporting
     
      - EventID 1001
    
       [ Qualifiers]  0
     
       Level 4
     
       Task 0
     
       Keywords 0x80000000000000
     
      - TimeCreated
    
       [ SystemTime]  2015-03-16T03:35:16.000000000Z
     
       EventRecordID 945
     
       Channel Application
     
       Computer test-pc
     
       Security
     
    
    - EventData
    
        
       0
       APPCRASH
       Not available
       0
       IEXPLORE.EXE
       11.0.9600.17416
       5452eed9
       EMET.DLL
       5.2.0.0
       54ff88bd
       c0000005
       00028caf
        
        
       C:\Users\user\AppData\Local\Temp\WER8DF.tmp.WERInternalMetadata.xml
       C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_IEXPLORE.EXE_fc5d4bd7efc522b897621d5e4a4d53a999b87bc_94bdf341_06420da2
        
       0
       7491dfec-cb8d-11e4-825e-000c294e3f81
       97
    

    • Edited by GSmith15 Monday, March 16, 2015 4:03 AM
    Monday, March 16, 2015 3:43 AM
  • Windows 8.1 Enterprise Evaluation ("Windows Update" all patches installed)

    EMET Version 5.2.5546.19547, "Recommended security settings"

    IE version - 11.0.9600.17690, Update Versions: 11.0.17 (KB3032359)

    APPCRASH :(

    ---

    - System
    
      - Provider
    
       [ Name]  Application Error
    
      - EventID 1000
    
       [ Qualifiers]  0
    
       Level 2
    
       Task 100
    
       Keywords 0x80000000000000
    
      - TimeCreated
    
       [ SystemTime]  2015-03-16T03:45:39.000000000Z
    
       EventRecordID 1000
    
       Channel Application
    
       Computer test-pc
    
       Security
    
    
    - EventData
    
       IEXPLORE.EXE
       11.0.9600.17416
       5452eed9
       EMET.DLL
       5.2.0.0
       54ff88bd
       c0000005
       00028caf
       b68
       01d05f9ba67a95e3
       C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
       C:\Windows\AppPatch\EMET.DLL
       e8f89d36-cb8e-11e4-825f-000c294e3f81 
    ---
    - System
    
      - Provider
    
       [ Name]  Windows Error Reporting
     
      - EventID 1001
    
       [ Qualifiers]  0
     
       Level 4
     
       Task 0
     
       Keywords 0x80000000000000
     
      - TimeCreated
    
       [ SystemTime]  2015-03-16T03:45:43.000000000Z
     
       EventRecordID 1001
     
       Channel Application
     
       Computer test-pc
     
       Security
     
    
    - EventData
    
       73932696269
       1
       APPCRASH
       Not available
       0
       IEXPLORE.EXE
       11.0.9600.17416
       5452eed9
       EMET.DLL
       5.2.0.0
       54ff88bd
       c0000005
       00028caf
        
        
       C:\Users\user\AppData\Local\Temp\WERFE36.tmp.WERInternalMetadata.xml
       C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_IEXPLORE.EXE_fc5d4bd7efc522b897621d5e4a4d53a999b87bc_94bdf341_09f90edf
        
       0
       e8f89d36-cb8e-11e4-825f-000c294e3f81
       0
       b4d2f90d478ab772682be18eb6e26491
    



    • Edited by GSmith15 Monday, March 16, 2015 4:01 AM
    Monday, March 16, 2015 3:51 AM
  • The faulting check is the CERTIFICATE PINNING check. Disable that and you'll be okay.

    yes, this temporary solution works, but I hope EMET development team will fix this error in the future.

    good start for a more secure future :)

    Monday, March 16, 2015 3:59 AM
  • The faulting check is the CERTIFICATE PINNING check. Disable that and you'll be okay.

    This feedback has been provided to the emet_feedback@Microsoft.com alias.

    Well it does not work for me IE removed from configuration all trust entries deleted, system rebooted and IE still crashes. All I have to do is start it and leave it on the home page which is set at about:blank and after a few seconds it will crash:

    Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91
    Faulting module name: EMET64.dll, version: 5.2.0.0, time stamp: 0x54ff88ee
    Exception code: 0xc0000005
    Fault offset: 0x0000000000048417
    Faulting process ID: 0x1f7c
    Faulting application start time: 0x01d05fe666ed5d68
    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
    Faulting module path: C:\Windows\AppPatch\AppPatch64\EMET64.dll
    Report ID: b689dca5-cbd9-11e4-841a-00019510a995
    Faulting package full name:
    Faulting package-relative application ID:

    Win 8.1Pro 64bit fully patched and up to date


    Regards Ray



    • Edited by ray.g Monday, March 16, 2015 12:47 PM
    Monday, March 16, 2015 12:45 PM
  • The faulting check is the CERTIFICATE PINNING check. Disable that and you'll be okay.

    This feedback has been provided to the emet_feedback@Microsoft.com alias.


    Nope, that did not help. Plus, breaking your own browser with your own security tools is beyond ridiculous... #fail
    Monday, March 16, 2015 11:20 PM
  • To those with issues regarding IE 11 may find that a reissue of EMET 5.2 made today 3/16/15 appears to fix the problem, http://blogs.technet.com/b/srd/archive/2015/03/12/emet-5-2-is-available.aspx .  However, no information is offered within the blog other than to note a reissue has been made.  Version number is still 5.2.  Might have expected documentation about the change, but we all know Microsoft.

    Delrel

    Monday, March 16, 2015 11:23 PM
  • To those with issues regarding IE 11 may find that a reissue of EMET 5.2 made today 3/16/15 appears to fix the problem, http://blogs.technet.com/b/srd/archive/2015/03/12/emet-5-2-is-available.aspx .  However, no information is offered within the blog other than to note a reissue has been made.  Version number is still 5.2.  Might have expected documentation about the change, but we all know Microsoft.

    Delrel


    Excellent. This reissued one crashes Google Chrome with EAF+ instead, causing such incredible flood of pop-ups that I barely could keep up the pace closing them while trying to kill Chrome... *facepalm*
    Monday, March 16, 2015 11:48 PM
  • Google EXPRESSLY says do not run EMET with Chrome.
    Tuesday, March 17, 2015 12:27 AM
  • Google EXPRESSLY says do not run EMET with Chrome.

    The whole point was that MS should stop shipping broken default protection profiles and do some testing... They've done that with Skype as well previously, now here we go - IE and Chrome. I really wonder if anyone's testing this before shipping or whether it's the Black Tuesday model company-wide these days. The repeated SHA-2 hotfix fiasco (KB2949927 / KB3033929) suggests the latter.
    Tuesday, March 17, 2015 6:43 AM
  • Same issue here with IE11 and EMET 5.2, even browsing to internal SharePoint sites will result in an IE11 crash. After disabling Certificate Pinning it works fine again, however this is a workaround. Fine for testing, but not for production implementation.
    Tuesday, March 17, 2015 7:10 AM
  • EMET 5.2 got an quick update, no more IE 11 crash on Windows 8.1 in my environment.

    http://blogs.technet.com/b/srd/archive/2015/03/12/emet-5-2-is-available.aspx

    Tuesday, March 17, 2015 3:23 PM
  • It appears MS "quietly" fixed the problem and released a "silent" update of EMET 5.2 with the exact same version # AND BUILD # on their website, as if the previous problematic 5.2 did not ever exist. WOW, what a tactic. Sneaky bastards.
    Tuesday, March 17, 2015 5:03 PM
  • It appears MS "quietly" fixed the problem and released a "silent" update of EMET 5.2 with the exact same version # AND BUILD # on their website, as if the previous problematic 5.2 did not ever exist. WOW, what a tactic. Sneaky bastards.

    It is even exactly the same file size... had to check the SHA1 checksums. Not sure about sneaky, but this is extremely bad and unprofessional practice in the first place.
    Tuesday, March 17, 2015 5:33 PM
  • What's the latest on this? I downloaded EMET 5.2 today and it broke IE 11 in various ways.

    Only by disabling EAF, EAF+, ROP Simumlate Exececution Flow as well as ASR, I could get IE to run.

    This version was supposed to run better with Enhanced Protected Mode (EPM); but it is worse now.

    Monday, March 30, 2015 8:36 PM
  • Google EXPRESSLY says do not run EMET with Chrome.
    Where did you see this?
    Friday, April 24, 2015 1:51 PM
  • Where did you see this?

    Here are some notes on this: https://www.chromium.org/Home/chromium-security/security-faq#TOC-Can-I-use-EMET-to-help-protect-Chrome-against-attack-on-Microsoft-Windows-
    Sunday, May 31, 2015 1:42 PM
  • I had the same problem with IE 11.  Started last Thursday on my wife's computer, and I've done nothing but mess with it since.  I couldn't find any sign of EMET on her computer and was still having the problem.  Try to open IE and it would give me a popup telling me it had stopped working, then one looking for the cause.  Yea, right.  So today, I thought maybe I should download EMET 5.1, as I'd read where there were problems with 5.0.  Guess what, It still doesn't work.  I've even unchecked all the columns for IE, to no avail.  We're ready to say the hell with it and buy a new computer.  Either that or go back to a pencil and paper.  Can't be any worse than wasting the last three days trying to get IE going again.  Maybe it's time to go to a Mac.  My deceased brother-in-law had one and swore by it.  No problems what so ever!! 

    Thanks for letting me vent and hope that maybe someone will have a great way to take care of this.  Either that, or I guess I could do a little 'fine tuning' with a ball peen hammer.:-))

    Grizzly Bear

    Monday, July 13, 2015 4:25 AM
  • I think they must work for our government, such as it is. Fix one thing and screw up six more. Job security, I guess.:-))
    Monday, July 13, 2015 4:30 AM
  • hi!

    after installed EMET 5.2 - windows 10 - my IE 11 didn't open at all, MS EDGE works normal. I change only EAF to disable in APPS setting and IE is working .... normally up to now ;-) 

    Thursday, September 3, 2015 9:22 PM
  • All these threads are old!  I have upgraded to EMET 5.2 and Windows 8.1, and have all patches with "Certificate Trust Pinning" enabled and have yet to see it crash....  

    Wednesday, October 14, 2015 5:45 PM
  • Hi, I had same issue in Win10 after upgarde

    and for me was to disable the EAF IE start works..

    Sunday, March 27, 2016 12:30 PM