Microsoft beefs up anti-exploit tool with tech from $250K contest finalist

25.07.2012

The new EMET, which Microsoft dubbed a "technology preview" to hammer home that the utility wasn't ready for production use, includes five new settings designed to stymie "return-oriented programming" (ROP), an exploit-building technique often used to sidestep DEP.

Many advanced exploits rely on ROP to do their tricks, and the technique has been called the "most pressing attack vector" now facing Windows.

For his BlueHat Prize submission, Fratric created "ROPGuard," a technology that checks each critical function call to determine if it's legitimate.

In an , Fratric explained ROPGuard.

"Unless [the attacker] wants the attack to stay confined in the current process, [he or she] will need to call some 'special' functions to leverage the attack," Fratric said. "The attacker will need to call these functions from the ROP code, either directly or indirectly, and that makes these functions an ideal place to check if the attack is taking place or not."
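One way a guard placed at a critical function can judge whether a call is legitimate, shown as an added example (not Fratric's or Microsoft's code): a real call leaves a return address that directly follows a CALL instruction, while a function reached through RET from a ROP chain usually does not. It assumes 32-bit x86 encoding; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Byte length of an "FF /2" indirect CALL, derived from its ModRM byte and
 * the byte after it (the SIB byte when rm == 4). 32-bit addressing assumed. */
static size_t indirect_call_len(uint8_t modrm, uint8_t next)
{
    uint8_t mod = modrm >> 6, rm = modrm & 7;
    size_t len = 2;                                  /* opcode + ModRM */
    if (mod == 3) return len;                        /* call reg */
    if (rm == 4) {                                   /* SIB byte follows */
        len += 1;
        if (mod == 0 && (next & 7) == 5) len += 4;   /* SIB base = disp32 */
    } else if (mod == 0 && rm == 5) {
        len += 4;                                    /* call [disp32] */
    }
    if (mod == 1) len += 1;                          /* disp8 */
    if (mod == 2) len += 4;                          /* disp32 */
    return len;
}

/* Returns 1 if an instruction ending exactly at code[ret_off] is a CALL,
 * meaning ret_off is a plausible return address; returns 0 otherwise. */
int return_address_follows_call(const uint8_t *code, size_t len, size_t ret_off)
{
    if (ret_off > len) return 0;
    if (ret_off >= 5 && code[ret_off - 5] == 0xE8)   /* call rel32 */
        return 1;
    for (size_t n = 2; n <= 7 && n <= ret_off; n++) {
        const uint8_t *p = code + ret_off - n;
        if (p[0] == 0xFF && ((p[1] >> 3) & 7) == 2 &&
            indirect_call_len(p[1], n > 2 ? p[2] : 0) == n)
            return 1;
    }
    return 0;
}

/* Constructed sample code bytes (offsets in comments). */
static const uint8_t SAMPLE_CODE[] = {
    0xE8, 0x10, 0x00, 0x00, 0x00,       /*  0: call rel32        */
    0x83, 0xC4, 0x04,                   /*  5: add esp, 4        */
    0xFF, 0x15, 0x00, 0x10, 0x40, 0x00, /*  8: call [0x401000]   */
    0x31, 0xC0,                         /* 14: xor eax, eax      */
    0x59,                               /* 16: pop ecx (gadget)  */
    0xC3                                /* 17: ret               */
};
```

A byte-pattern check like this can only say that a return address is plausible, which is why it is one signal among several rather than a complete defense.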