EMET and MS12-004 Protection

Posted on Updated on

Metasploit added an exploit for MS12-004 today. Also, threat post has an article about attackers using this vulnerability. I decided to quickly test EMET against the Metasploit version, which is currently XP SP3 only. My XP SP3 test machine was running IE 6.0.2900.5512.

With my config.xml from my previous posts, you have IE protected. When EMET is enabled, IE crashes during the exploit preventing it from completing.  If you do not have EMET setup the exploit seem very reliable with IE6.

If you can not patch a system or there is a 0day out there, EMET will help protect against these types of attacks. It may be possible for attacker to bypass the protections that EMET gives you, but attackers do not seem interested at this point in implementing this level of sophistication.

If I get a chance to find the exploit mentioned in the threat post article I’ll be sure to also test it and update the post.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s