Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against software exploits.

Researchers from security vendor FireEye have found a method through which exploits can unload EMET-enforced protections by leveraging a legitimate function in the tool itself.

Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. However, it’s likely that many users haven’t upgraded yet, because the new version mainly adds compatibility with Windows 10 and doesn’t bring any new significant mitigations.

To read this article in full or to leave a comment, please click here