Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Important EMET 5.1 Update. Apply before Patches today

Microsoft yesterday release EMET 5.1 . One particular sentence in Microsoft's blog post suggests that you should apply this update (if you are using EMET) BEFORE you apply the Interent Explorer patch Microsoft is going to release in a couple of hours:

"If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation."

For full details, and features added in EMET 5.1, see Microsoft's blog post [1]


Johannes B. Ullrich, Ph.D.

I will be teaching next: Intrusion Detection In-Depth - SANS Doha March 2022


4347 Posts
ISC Handler
Nov 11th 2014
I had IE crashing with EMET 5.0 before the November updates. The problem was the same EAF+ mitigation as indicated on Technet blog.

After updating to EMET 5.1 the Office 2013 Word can not be started when EAF mitigation is on. EAF+ was already disabled on recommended EMET 5.1 settings (offered by the installation), now I have to disable the EAF mitigation too..

Kind of takes a way the trust for the EMET to do anything usefull.

13 Posts
I would say that it is Office 2013 that needs the update. EMET is running ahead of the curve on being able to keep O-day exploits to a minimum. Unfortunately Office 2013 is running behind the curve.

5 Posts

Sign Up for Free or Log In to start participating in the conversation!