An error occurred:

Check: WINEM-000081

Windows 2003 MS STIG: WINEM-000081 (in version v6 r37)

Title

The Enhanced Mitigation Experience Toolkit (EMET) Protection Profile for Popular Software must be implemented. (Cat II impact)

Discussion

Attackers are constantly looking for vulnerabilities in systems and applications. The Enhanced Mitigation Experience Toolkit can enable several mechanisms, such as Data Execution Prevention (DEP) on the system and applications adding additional levels of protection.

Check Content

This is applicable to unclassified systems, for other systems this is NA. Verify the "Popular Software" Protection Profile has been implemented. This implements mitigations to protect Internet Explorer, Office programs, and numerous third party applications. If the following registry subkeys do not exist, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\EMET\ The subkeys will include the following: 7z.exe 7zfm.exe 7zg.exe acrobat.exe acrord32.exe chrome.exe communicator.exe excel.exe firefox.exe foxit reader.exe googletalk.exe iexplore.exe infopath.exe itunes.exe java.exe javaw.exe javaws.exe lync.exe mirc.exe msaccess.exe mspup.exe ois.exe opera.exe outlook.exe photoshop.exe pidgen.exe plugin-container.exe powerpnt.exe pptview.exe quicktimeplayer.exe rar.exe realconverter.exe realplay.exe safari.exe skydrive.exe skype.exe thunderbird.exe unrar.exe visio.exe vlc.exe vpreview.exe winamp.exe windowslivewriter.exe winrar.exe winword.exe winzip32.exe winzip64.exe wlmail.exe wlxphotogallery.exe wmplayer.exe wordpad.exe Additional details of the implementation can be viewed with the following. Open a command prompt. Navigate to the EMET installation directory, typically \Program Files\EMET. Execute the following command - "EMET_Conf --list".

Fix Text

This is applicable to unclassified systems, for other systems this is NA. Open a command prompt. Navigate to the EMET installation directory, typically \Program Files\EMET. Execute the following command -'EMET_Conf --import "deployment\protection profiles\popular software.xml"' The Enhanced Mitigation Experience Toolkit must be installed on the system to make this setting available.

Additional Identifiers

Rule ID: SV-50507r5_rule

Vulnerability ID: V-36704

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002824

Implement organization-defined controls to protect the system memory from unauthorized code execution.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-16

Memory Protection