Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Important EMET 5.1 Update. Apply before Patches today - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Important EMET 5.1 Update. Apply before Patches today

Microsoft yesterday release EMET 5.1 . One particular sentence in Microsoft's blog post suggests that you should apply this update (if you are using EMET) BEFORE you apply the Interent Explorer patch Microsoft is going to release in a couple of hours:

"If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation."

For full details, and features added in EMET 5.1, see Microsoft's blog post [1]


Johannes B. Ullrich, Ph.D.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4478 Posts
ISC Handler
Nov 11th 2014
I had IE crashing with EMET 5.0 before the November updates. The problem was the same EAF+ mitigation as indicated on Technet blog.

After updating to EMET 5.1 the Office 2013 Word can not be started when EAF mitigation is on. EAF+ was already disabled on recommended EMET 5.1 settings (offered by the installation), now I have to disable the EAF mitigation too..

Kind of takes a way the trust for the EMET to do anything usefull.

13 Posts
I would say that it is Office 2013 that needs the update. EMET is running ahead of the curve on being able to keep O-day exploits to a minimum. Unfortunately Office 2013 is running behind the curve.

5 Posts

Sign Up for Free or Log In to start participating in the conversation!