News

Microsoft Offers Mitigation Security Tool for ISVs

Microsoft wants you to know that even as you read this article, "people around the world are hunting for vulnerabilities in software applications."

To help thwart such efforts, Microsoft this week announced a new mitigation security utility for application developers and IT professionals. The Enhanced Mitigation Evaluation Toolkit (EMET), currently at Version 1.0.2, is conceived as an "extensible framework" that will include future mitigation technologies as they are released, according to a Microsoft blog.

This EMET release contains just four mitigations: dynamic data execution prevention, heap spray allocation, NULL page allocation and structured exception handing. EMET users can opt into these mitigations for their applications by using the command line in the utility. Users don't have to have to recompile their applications after using the tool, according to the blog.

EMET is the latest component in Microsoft's overall Security Development Lifecycle strategy. It allows developers to write security into applications at a more granular or "command-line" level. Thus, instead of securing an entire application, programmers can code security parameters into a single process.

Security mavens like the idea of going deep into the anatomy of an application rather than just relying on anti-virus software or operating system security functions. For instance, Phil Lieberman, president of Lieberman Software, called EMET "a good value-add for Microsoft ISVs [independent software vendors]."

EMET allows Windows enterprise pros to "harden their applications for free," which is "always a good price," Lieberman said.

"This adds an extra post-production step that allows ISVs to make it much harder for hackers to exploit their applications," he added. "The extra post-production step hardens the rules for memory usage (finer grained protection) and also strengthens the exception mechanisms."

As hackers begin to focus more on specific applications, developers have begun to pay more attention to embedded security. EMET is worth a try in the face of server attacks, automated bugs, browser attacks and stack-buffer overflow exploits, according to Andrew Storms.

"Every third-party partner, application developer or part time coder should at least consider checking out the new EMET from Microsoft," said Storms, director of security at nCircle. "The toolkit makes it even easier to utilize the newest security enhancement mitigations built into the newer Microsoft operating systems."

EMET Version 1.0.2 can be accessed at the Microsoft Download Center here.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Low-Coding in the Age of AI: Dataverse Embraces Copilot, Claude and Cursor

    Microsoft is extending Dataverse into coding-agent marketplaces while expanding its MCP tools, certification program and governance controls.

  • Visual Studio Takes Aim at Copilot Billing Shock

    Beyond Copilot usage visibility, the June update delivers several other enhancements centered on AI-assisted development, security and quality-of-life improvements. Here's a quick rundown of the remaining additions announced by Microsoft.

  • Claude AI Gets Yet Another Boost in VS Code 1.128

    The July 8, 2026, Visual Studio Code update expands agent workflows, chat attachments, browser-tab controls, OS-level shortcuts and enterprise telemetry management.

  • TypeScript 7 Arrives to Rock VS Code with Go-Powered Speed

    Microsoft says TypeScript 7, announced July 8, brings native Go performance to VS Code, Visual Studio and other editors.

Subscribe on YouTube