Want to beat Microsoft's Windows security defenses? Poke some 32-bit software
Two chaps claim to have discovered how to trivially circumvent Microsoft's Enhanced Mitigation Experience Toolkit (EMET) using Redmond's own compatibility tools.
A report [PDF] by the duo at Duo Security describes how the Windows on Windows (WoW64) environment can be abused to bypass builtin security tools.
WoW64 allows 32-bit applications to run on 64-bit Windows installations. At its core, it works by trapping system calls made by code running in 32-bit mode, and jumping to 64-bit long mode before letting Windows handle the call. By taking advantage of the mode changes, we're told, it is possible to smuggle malicious code past EMET's barriers, which ordinarily do a good job of blocking vulnerability exploits.