IE11 w/ EMET Unhacked at Pwn2Own

17

Over $400,000 has already been given away at the annual Pwn2Own hacking contest where the world’s most popular browsers are exploited for cash prizes.  An item which has been getting very little media attention is a $150,000 prize for exploiting Microsoft Windows Internet Explorer 11 running on 64-bit Windows 8.1, with the Enhanced Mitigation Experience Toolkit (EMET) turned on is still unclaimed.

On the other hand, Google Chrome has been exploited twice, and a handful of exploits for Mozilla Firefox were also shown off.  Internet Explorer was successfully exploited once without EMET turned on.

ie emet

Source: @jmanici



About Author

Suril is a scientist, journalist and obsessive Microsoft observer. He holds an advanced degree in Biotechnology with minors in Biochemistry, Microbiology, and Molecular Biology. Send him tips on twitter: http://www.twitter.com/surilamin

  • hushv

    hard to believe.

    • GG002

      Maybe of interest to you: I’ve had to reinstall Windows twice in the recent past because of Chrome and Firefox letting bad stuff through or somehow messing with registry and killing Windows. The count for IE? None.

      • Eric Wrecher

        Ie11 is a great browser. Fast and proven again and again the most secure.

        • Blue

          The big 5 (plus quite a few more) are all great browsers, I mean, ever tried Mosaic recently? They’ve all come a long way, so really, it’s up to personal preference (don’t be dissuaded away from a browser you love by others! Of course, be open-minded too).

          That being said, it’s always important to take proper security measures when surfing the web.

      • DigTheNoise

        We’ve had similar problems with Chrome recently. Our users keep accidently installing it and then it installs a bunch of other stuff. I traced one drive-by installation from Adobe that nowhere did I see the option to not install it.

      • hushv

        That’s good news. I’m still surprised. BTW, where do i turn on the EMET stuff?

        • Heptagon

          It’s an external program, so just search EMET up and you’ll find it. The latest version is 4.1, but there’s a version 5 preview as well. The nice thing about it is that it’s not limited to just Microsoft programs. MS support can take you from there (it’s just a click-install thing, not too much hassle).

          • hushv

            Okay thanks. Do you have any idea if this EMET is ever going to protect average users by default, Or are they going to leave it as a separate download?

          • Heptagon

            Personally, I like it this way. It keeps an effective security tool out of the spotlight, and so out of hackers’ minds.

  • Dodecahedron

    So Exploit Unicorn remains untouched? Guess I’ll be using EMET then – with all my browsers…

  • Zicoz

    Can’t say that I am surprised that non-MS focused sites aren’t reporting on this….

  • berock212

    Everyone is like “Chrome is the best IE sucks”. Well I’m using IE 11 with 64 bit Windows 8.1. It doesn’t suck so much now.

  • Russ Greeno

    What sort of biased news piece is this? Firstly hardly anyone uses EMET. Secondly Firefox and Chrome on Windows can both be used with EMET the same as IE, but IE is the only one used in conjunction with it for these competitions, then results are meaningless. Would have Chrome or Firefox fallen if EMET was running with them?

    • DesktopForever

      ChromeOS could be used with EMET?