A quick post on a small fact we became aware of this week. As you will likely be aware, Microsoft publishes the Enhanced Mitigation Experience Toolkit (EMET). In the words of Microsoft, EMET provides the following functionality:
"The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult to perform as possible. In many instances, a fully-functional exploit that can bypass EMET may never be developed."
Think of EMET as a massive plaster (band aid) for legacy software that missed the memo about defensive compiler features.
After our analysis of KB2639308 it dawned on us that there is some small print associated with EMET as well. The small print concerns the inability to randomize the location of the base binary when applying Address Space Layout Randomization (ASLR). The reason that KB2639308 generally can't randomize base binaries, namely that their relocations are omitted, also applies to EMET. So while you will gain some benefit by virtue of the DLLs being randomized, you will still have some executable memory at a static location across runs.
So that's it: nothing to panic about, but something to keep in mind.
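To see which images on a system fall into the "static location" case described above, the PE headers can be checked for relocation data. The following is an added example, not code from the original post or from Microsoft; the function names `aslr_status` and `sample_pe32` and the three result labels are assumptions chosen for illustration, and the check reads headers only.

```python
import struct

RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)
DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
BASERELOC_DIR = 5          # IMAGE_DIRECTORY_ENTRY_BASERELOC

def aslr_status(image: bytes) -> str:
    """Return 'opt-in', 'forceable' or 'static' for a PE image's headers."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]        # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    characteristics = struct.unpack_from("<H", image, pe + 22)[0]
    opt = pe + 24                                        # optional header start
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)         # data directory array
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    count = struct.unpack_from("<I", image, dirs - 4)[0] # NumberOfRvaAndSizes
    reloc_size = 0
    if count > BASERELOC_DIR:
        reloc_size = struct.unpack_from("<I", image, dirs + 8 * BASERELOC_DIR + 4)[0]
    has_relocs = reloc_size > 0 and not characteristics & RELOCS_STRIPPED
    if not has_relocs:
        return "static"      # cannot be rebased: stays at its preferred address
    # With relocations present, the image either opted in to ASLR itself or
    # can be moved by a forced-ASLR mitigation.
    return "opt-in" if dll_chars & DYNAMIC_BASE else "forceable"

def sample_pe32(characteristics, dll_chars, reloc_size):
    """Constructed sample: minimal PE32 headers only, not a loadable file."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * BASERELOC_DIR, 0x3000, reloc_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(aslr_status(sample_pe32(0x0103, 0x0000, 0)))      # legacy EXE, relocs stripped
    print(aslr_status(sample_pe32(0x2102, 0x0000, 0x200)))  # legacy DLL, relocs kept
    print(aslr_status(sample_pe32(0x0102, 0x0040, 0x200)))  # built with /DYNAMICBASE
```

Running `aslr_status` over the bytes of real executables in an application directory gives an inventory of the images that will remain at a fixed address regardless of EMET or KB2639308 settings.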