EMET 4.0 has been released by Microsoft. There are a fair number of changes here.
New User Interface
A new interface allows you to set profiles and quick settings easily.
You’ll notice the new “Wizard” button, which will handle setup entirely for the user. This is great for getting not-so-techy users to install one of the best security programs out there.
Certificate Pinning Support
Certificate pinning is a method in which the operating system matches specific certificates to specific servers. This prevents man-in-the-middle attacks that use another valid certificate to spoof the server and intercept the connection. It's essentially a way to enforce that the site you're seeing is the site you want to see, and it builds on the CA system. It's a nice feature, though it is already supported by Chrome and probably Firefox as far as I know.
Users can also add their own certificate verification rules, which is great for anyone who visits sites that use self-signed certificates.
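The pin check described above, as an added example that is not EMET's own code: a rule maps a hostname to the certificate fingerprints accepted for it, and a user-added rule can accept a self-signed certificate that the CA system would reject. The hostnames, the rule layout, the verdict strings and the byte strings standing in for certificates are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
LEGIT_CERT = b"constructed-der:login.example.test:issued-by-CA-A"
OTHER_VALID_CERT = b"constructed-der:login.example.test:issued-by-CA-B"
SELF_SIGNED_CERT = b"constructed-der:intranet.example.test:self-signed"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes, hex-encoded."""
    return hashlib.sha256(der).hexdigest()


# Hypothetical rule store: hostname -> (accepted fingerprints, require_ca).
# require_ca=True layers the pin on top of normal CA validation;
# require_ca=False is a user-added rule for a self-signed certificate.
PIN_RULES = {
    "login.example.test": ({fingerprint(LEGIT_CERT)}, True),
    "intranet.example.test": ({fingerprint(SELF_SIGNED_CERT)}, False),
}


def check_connection(host: str, der: bytes, ca_chain_valid: bool) -> str:
    """Return 'pinned-ok', 'pin-mismatch', 'ca-only' or 'rejected'."""
    rule = PIN_RULES.get(host.lower().rstrip("."))
    if rule is None:
        # No rule for this host: plain CA validation decides.
        return "ca-only" if ca_chain_valid else "rejected"
    pins, require_ca = rule
    if require_ca and not ca_chain_valid:
        return "rejected"
    presented = fingerprint(der)
    if any(hmac.compare_digest(presented, pin) for pin in pins):
        return "pinned-ok"
    # A CA-valid certificate that is not the pinned one is the
    # man-in-the-middle case that pinning exists to catch.
    return "pin-mismatch"


if __name__ == "__main__":
    print(check_connection("login.example.test", LEGIT_CERT, True))
    print(check_connection("login.example.test", OTHER_VALID_CERT, True))
    print(check_connection("intranet.example.test", SELF_SIGNED_CERT, False))
```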
The anti-ROP (return-oriented programming) mitigation techniques built into EMET 3.5 have been improved to cover a broader scope. This is meant to prevent new attacks that rely on return-oriented programming to bypass DEP. When these methods were first implemented I pointed out the flaws, and these same flaws were later demonstrated by various researchers. We'll see how these improvements have changed things, if at all.
[…]instead of hooking and protecting only functions at the kernel32!VirtualAlloc layer of the call stack, EMET 4.0 will additionally hook lower level functions such as kernelbase!VirtualAlloc and ntdll!NtAllocateVirtualMemory.
Multiple other improvements have been added to address specific issues and bypasses.
Note that these new features will now also send back a report via the Windows Error Reporting services, with information about exploit attempts on your system.
Default Settings Changed
A really nice feature is that after installation EMET will enable protection for specific apps that Microsoft has tested for compatibility. That means that by default you're protected against a large number of threats, just by installing EMET and doing nothing else. Hugely beneficial.
For more information on EMET see:
For a guide to set EMET up see:
Note that while the setup guide is for EMET 3.5, the procedure is still almost entirely the same.