Microsoft extends EMET end of life date

Microsoft will continue to support and provide security patches for its Enhanced Mitigation Experience Toolkit security software for Windows until July 31 2018, after taking customer feedback into account.

EMET is a security utility software popular with enterprise customers running supported versions of Windows. It uses mitigation techniques to block attackers from exploiting vulnerabilities in software.

The company's lead program manager for operating system security, Jeffrey Sutherland, said while EMET 5.5x will continue to be supported for another 18 months after the original end of life date of January next year, Microsoft recommended customers migrate to Windows 10 for improved security.

Sutherland said EMET has been useful to Microsoft over the years, allowing the company to disrupt exploit kits and protect customers. EMET has also been used to try out new features and security innovations that have then been integrated into Windows 7, 8, 8.1 and 10.

Nevertheless, EMET has some serious drawbacks as well, Sutherland conceded.

Not being an integral part of the operating system means many EMET features were not developed as robust security solutions. They could block exploit techniques used in the past, but could not offer durable protection over time, meaning it's easy to find trivial ways to bypass EMET online, Sunderland said.

EMET also causes serious performance and reliability side effects in both Windows and applications, as it hooks into low-level areas of the operating system in undocumented ways.

"This presents an ongoing problem for customers since every OS or application update can trigger performance and reliability issues due to incompatibility with EMET," Sunderland said.

He pointed to the improved security features integrated into Windows 10 as a better way to achieve protection against vulnerabilities being exploited.

Windows 10 includes all EMET features, such as memory address space layout randomisation and data execution protection, and adds new ones to further reduce vulnerabilities being exploited [pdf].

The latest version of Windows is also able to use hardware virtualisation to protect against hacks and malware, Sutherland said.