Today, the Duo Labs team is publishing a research paper on the limitations of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) when applied to processes running under WoW64. Time and time again, the costs and risks associated with new technology adoption drive the software industry to provide backward compatibility layers that aim to ease the transition but instead become sacred, ingrained features.
Oftentimes, these features obfuscate the behavior of and stifle the effectiveness of various security components, as is exemplified by this paper. In my opinion, it is only when backward compatibility gets taken off the table that evolutionary leaps in our security models can be made. The perfect example of this is the contrast of the out-of-the-box security posture of ARM and x86 editions of Windows.
https://www.duosecurity.com/blog/wow64-and-so-can-you
HitmanPro.Alert 3.1 Build 332 BETA
A new build to mitigate the newly disclosed WoW64 bypass by Duo Security.
This build also supports Windows 10 "Threshold 2" build 10586 which was pushed to "Fast Ring" subscribers last week.
Changelog
- Added support for Windows 10 "Threshold 2" build 10586
- Improved SysCall Mitigation to protect against various WoW64 bypasses
- Improved Installer to handle partly uninstalled installations.