Pwn2own is an annual hacking contest held in Vancouver in which hackers are paid cash prizes to pwn (hack in this context) popular computer systems and programs. Every single prize was won this year (2014) except the $150,000 prize for hacking Internet Explorer secured by Enhanced Mitigation Experience Toolkit (EMET), a Microsoft utility designed to ‘prevent vulnerabilities in software from being successfully exploited.’
EMET is free, and uses Data Execution Prevention (DEP) to mark specific sections of memory as non-executable, preventing an attacker from running code on these sections (as they are locked). It also uses Address Space Layout Randomization (ASLR) to randomize where programs and files are stored in memory, so that they cannot be reliably targeted by an attacker. This can occasionally cause problems (i.e. the programs do not work), but specific security rules (or even all of them!) can be disabled in EMET until they work again.
Although primarily aimed at system administrators, EMET is easy for ordinary Windows users to setup, enabling you to quickly add some additional security features, and it will even help secure old Windows XP systems.
Using EMET (an idiots guide)
1. Download, install and run EMET. To secure commonly exploited programs like Internet Explorer, Microsoft Office, Adobe Reader, and (the notoriously insecure) Java, select ‘Use Recommended Settings’ (then click Finish).
2. You can leave it there, or you can import a file ready set up for popular applications. Run EMET GUI from the Star Menu or Start Screen, and click ‘Import’.
Select the Popular Software.xml file that comes with EMET, and click ‘Open’. This file adds additional rules for popular non-Microsoft programs such as iTunes, Firefox, Thunderbird, , Skype, VLC, Photoshop, Chrome, Opera, Pidgin, , WinRAR, and 7-Zip, Google Talk.
Click on ‘Apps’ in the ribbon bar of the main window to view the application rules.
Details about what the settings mean are available by clicking Help -> User Guide on the main window (we actually had to disable the Mitigations for Foxit before we could access the User Guide!)
Custom rules for other programs can be set by right-clicking on a running process in the main window, and selecting ‘Configure Process’.
As we noted earlier, it is a fairly simple task to disable Mitigations for programs that do not work (uncheck the boxes in the App Configuration window, or right-click on the application and ‘Disable All Mitigations’). Multiple apps can be selected at once for this.