M0950 Exploit Protection
Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
Item | Value |
---|---|
ID | M0950 |
Version | 1.0 |
Created | 11 June 2019 |
Last Modified | 30 March 2023 |
Techniques Addressed by Mitigation
Domain | ID | Name | Use |
---|---|---|---|
ics | T0817 | Drive-by Compromise | Utilize exploit protection to prevent activities which may be exploited through malicious web sites. |
ics | T0819 | Exploit Public-Facing Application | Web Application Firewalls may be used to limit exposure of applications to prevent exploit traffic from reaching the application. [3] |
ics | T0820 | Exploitation for Evasion | Security applications that look for behavior used during exploitation, such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET), can be used to mitigate some exploitation behavior. [1] Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [2] Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted. |
ics | T0890 | Exploitation for Privilege Escalation | Security applications that look for behavior used during exploitation, such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET), can be used to mitigate some exploitation behavior. [1] Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [2] Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted. |
ics | T0866 | Exploitation of Remote Services | Security applications that look for behavior used during exploitation, such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET), can be used to mitigate some exploitation behavior. [1] Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [2] Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted. |
References
1. Microsoft Security Response Center. 2017, August. Moving Beyond EMET II Windows Defender Exploit Guard. Retrieved 2020/09/25.
2. Wikipedia. Control-flow integrity. Retrieved 2020/09/25.
3. Karen Scarfone; Paul Hoffman. 2009, September. Guidelines on Firewalls and Firewall Policy. Retrieved 2020/09/25.