Tuesday, June 18, 2013

[Security] Enhanced Mitigation Experience Toolkit 4.0 available

Enhanced Mitigation Experience Toolkit 4.0 is available.

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

  • No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.
  • Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.
  • Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder for hackers to exploit vulnerabilities in the legacy software.
  • Ease of use: The policy for system-wide mitigations can be seen and configured with EMET's graphical user interface. There is no need to look up and decipher registry keys or run platform-dependent utilities. With EMET you can adjust settings with a single consistent interface regardless of the underlying platform.
  • Ease of deployment: EMET comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.
  • Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting-edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready.

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.

Below is a summary of the features and changes that are included with the EMET 4.0 release:

  • Certificate Trust: considering the rise of PKI-related attacks, we decided to implement configurable SSL certificate pinning to try to detect man-in-the-middle attacks that leverage SSL/TLS certificates. The Certificate Trust feature in EMET is rule-based and allows a specific SSL/TLS certificate to be pinned to a trusted Root Certificate Authority.
  • ROP mitigations and hardening: in the last Technical Preview release of EMET, we introduced some mitigations to try to stop ROP-based attacks by implementing some of the winning ideas of the BlueHat Prize contest. With this new EMET release we hardened the ROP and other mitigations to detect and stop novel attack techniques.
  • Early Warning Program: this feature will allow EMET to send contextual data back to Microsoft, through the standard Windows Error Reporting channel, every time that an exploit has been detected and stopped. We are adding this feature to help us respond to new 0day exploits as soon as possible.
  • Audit mode: if an exploit is detected, EMET will not terminate the attacked process but it will just report the attack and let the process continue. This mode is only applicable to certain mitigations, for example the anti-ROP ones, that detect the attack when the process is not already in a crashed state. This feature is useful for enterprise customers for testing purposes and to spot false-positives and app-compat problems without compromising the user experience.

EMET 4.0 also includes bug fixes and UI changes to improve the overall user experience. Also, at the end of the installation, EMET will offer to automatically apply recommended settings to protect Internet Explorer, Microsoft Office, Adobe Acrobat/Reader, and Oracle Java, as well as a pre-defined set of rules for the Certificate Trust feature that will monitor the main Microsoft and other popular online services. More information is available in the User Guide, which can be found in the EMET installation folder.

The tool is available here: Enhanced Mitigation Experience Toolkit 4.0

Thursday, June 13, 2013

Tuesday, June 4, 2013

[Windows Server] Windows Server 2012 R2 announced and WS 2012 R2 Overview White Paper released

Microsoft has just presented Windows Server 2012 R2 and released its overview White Paper.

Overview


At the heart of the Microsoft Cloud OS vision, Windows Server 2012 R2 brings Microsoft’s experience delivering global-scale cloud services into your infrastructure. Windows Server 2012 R2 offers exciting new features and enhancements across virtualization, storage, networking, virtual desktop infrastructure, access and information protection, and more. Windows Server 2012 R2 is currently in preview and will be available soon for evaluation purposes.


Benefits


Enterprise-class

New and enhanced features allow you to take advantage of even better performance and more efficient capacity utilization in your datacenter, helping you increase the agility of your business. Windows Server 2012 R2 offers a proven, enterprise-class virtualization and cloud platform that can scale to continuously run your largest workloads while enabling robust recovery options to protect against service outages.

Simple and cost-effective

Windows Server 2012 R2 also gives you resilient, multi-tenant-aware storage and networking capabilities for a wide range of workloads. It delivers these capabilities at a fraction of the cost of other solutions, through the use of low-cost, industry-standard hardware. With automation of a broad set of management tasks built-in, Windows Server 2012 R2 simplifies the deployment of major workloads and increases operational efficiencies.

Application focused

Windows Server 2012 R2 helps you build, deploy and scale applications and web sites quickly, and with more flexibility than ever before. In concert with Windows Azure VM and System Center 2012 R2, it unlocks improved application portability between on-premises environments and public and service provider clouds, increasing flexibility and elasticity of your IT services. Windows Server 2012 R2 provides a scalable, highly available platform for mission-critical applications and offers enhanced support for open standards, open source applications and various development languages.

User-centric

Windows Server 2012 R2 makes it easier to deploy a virtual desktop infrastructure, and can lower storage costs significantly by supporting a broad range of storage options and VHD de-duplication. Virtual Desktop Infrastructure in Windows Server 2012 R2 makes it possible for users to access IT from virtually anywhere, providing them a rich Windows experience while ensuring enhanced data security and compliance.

Windows Server 2012 R2 enables you to provide access to corporate resources and helps protect critical business information. With Windows Server 2012 R2, you can manage identities across your datacenter and federated into the cloud, provide flexible remote access to applications and resources, and define the resources and level of access users have to information based on who they are, what they are accessing, and what device they are using.


Here is the Windows Server 2012 R2 white paper: Windows Server 2012 R2 Overview White Paper