Microsoft fixes security tool affecting Chrome

FRAMINGHAM, Mass. — Microsoft Corp. has patched an enterprise security tool that had blocked some copies of Google’s Chrome browser from updating.

The Enhanced Mitigation Experience Toolkit (EMET) “may have potential issues with the update functionality” of Google’s Chrome and Adobe’s Reader and Acrobat, Microsoft said.

EMET, a tool designed for enterprise IT, lets users manually enable important anti-exploit defenses in Windows like DEP (data execution prevention) and ASLR (address space layout randomization) for specific applications. It’s often used to boost the security of older programs.

Microsoft also relies on EMET as a stop-gap in the face of active attacks. For example, in September Microsoft told Reader and Acrobat users to run the tool to fend off exploits some experts had called “scary.”

Google noted the problem with Chrome on Tuesday in a blog post by a pair of its software engineers, who said EMET interfered with the browser ‘s security and thwarted its usual silent updates.

Those engineers also argued that EMET was unnecessary. “Because Chrome already uses many of the same techniques (and more), EMET does not provide any additional protection,” they wrote.

On Wednesday, Microsoft denied that EMET 2.0 monkeyed with Chrome’s security.

“The issue affects only update mechanisms and has no security impact on any third-party products,” said Dave Forstrom, a spokesman for the Microsoft Security Response Center (MSRC), in an e-mail reply to questions.

In Microsoft’s explanation of the EMET compatibility glitch, engineers at MSRC said Adobe and Acrobat users who had configured the tool had been required to reboot their Windows PCs to finalize updates. Normally, Reader and Acrobat updates take effect after the programs have been relaunched and no reboot is necessary.

Chrome’s situation was more complicated, the MSRC engineers said.

“This issue may affect machines with multiple users running Chrome at the same time with each instance configured for use with EMET,” they explained. “If one of those instances is running as an admin [account], it will block the other running instances from self-updating.”

Microsoft updated EMET to version 2.0.0.3 to solve the problems, and urged affected users to download and deploy the update.

(From Computerworld U.S.)
 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now