Protection against remote code execution exploits of popular applications in Windows

Abstract

The objective of Malicious Remote Code Execution Exploits is to remotely execute code transparently to the user, and without relying on user interaction, in order to infect targeted machines. This comparative study examines the effectiveness of different proactive exploit mitigation technologies included in popular endpoint security products and specialized anti-exploit tools. The study focuses on exploits of popular applications running on Windows XP SP3 with Internet Explorer (IE8). As such, the Microsoft Enhanced Mitigation Experience Toolkit (MS-EMET) is used as a reference standard for all exploit mitigation solutions. The study compares the effectiveness of endpoint security products and anti-exploit tools by separating measurements of protections in common with MS-EMET from measures of protections supplemental to MS-EMET. This is done in order to understand not just the relative competitive effectiveness of the individual products and tools but also to understand the overall capabilities of the Windows endpoint security solutions to combat the remote code execution exploit capabilities of the overall Windows malware ecosystem.