After previously stating it was dropping support for EMET in July 2018, Microsoft announced yesterday plans to embed its vaunted EMET security toolkit in the Windows 10 kernel during the operating system's major update, scheduled for October-November 2017.
Microsoft says it reversed its original plan after receiving feedback from experts and the Windows community, all of which was positive towards EMET.
The love for EMET is justifiable and easy to understand. EMET, which stands for Enhanced Mitigation Experience Toolkit, is a standalone application that users can install to bolster the defenses of their Windows operating systems.
Many users install EMET as a complementary app on top of antivirus software, while others use it as a poor man's antivirus.
Microsoft launched EMET in 2009, and it stopped developing it in 2015 when it launched Windows 10, which included many of EMET's features.
As time went by, the OS maker slowly embedded more of EMET's features into Windows 10, which is why it announced plans to stop supporting the application in July 2018.
User feedback, especially from the cyber-security field, has made it clear to Microsoft that EMET's features are still needed. Plans to embed EMET into Windows 10 were set in motion after Microsoft released the Creators Update in April this year.
A first version of the Windows 10 Insiders Build with full EMET integration was spotted in mid-June.
At the time, Bleeping Computer reached out to Microsoft and several Microsoft employees for more details. Microsoft hinted that it was testing full EMET integration in Insiders Builds, but declined to confirm that full EMET integration was coming with the Fall Creators Update.
Alex Ionescu, a Windows kernel expert, confirmed to Bleeping Computer that full EMET was embedded in Windows 10 Insiders Builds released two weeks ago.
"[All] EMET features were embedded [in Windows 10] except EAF and EAF+ and ROP Pivot," Ionescu told Bleeping Computer via email, at the time. "It appears these final features are now being integrated as part of the latest OS release."
In two blog posts published today, Microsoft detailed what exactly will happen with EMET starting this fall. According to the OS maker, EMET's features will be grouped together into a new security system called Windows Defender Exploit Guard.
By integrating the power of EMET along with new vulnerability mitigations, Exploit Guard includes prevention capabilities that help make vulnerabilities dramatically more difficult to exploit. In addition, Exploit Guard delivers a new class of capabilities for intrusion prevention. Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organizations from advanced threats, including zero-day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective.
This system will ship with all Windows 10 versions, but Microsoft says customers of its Windows Defender ATP (Advanced Threat Protection) platform will have more power to control how Exploit Guard works.
Earlier this month, Microsoft also confirmed that starting with the Fall Creators Update Windows 10 will ship with SMBv1 disabled. More details in our separate article on SMBv1's deprecation.
UPDATE [June 29, 06:20 EST]: After our article's publication, Microsoft published a third blog post detailing the GUI of the new Exploit Guard features in Windows Defender. Images are here.