Menu
Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

The technology can now block websites or malicious ads that try to exploit vulnerabilities in popular software

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.

Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.

To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.

While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.

According to Microsoft, this year exploit kit authors have integrated exploits for 4 new vulnerabilities within 30 days after they were patched, for 6 flaws within 10 days, and for 5 before they even had a fix available.

A popular method of targeting users' browsers with exploit kits is through malicious advertisements displayed on popular websites, or malvertising.

While ad networks have been trying to prevent such abuse for years, attackers still manage to find ways around their defenses because of the highly complex nature of the online advertising ecosystem where ads can pass through five or more intermediaries before they reach a user's browser.

With the latest update for Windows 10, Microsoft has extended SmartScreen to block drive-by attacks in Microsoft Edge and Internet Explorer 11, the Microsoft Edge Team said Wednesday in a blog post.

The new capability is based on the security intelligence that Microsoft receives from multiple products such as Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET).

Thanks to this data, which includes behavioral telemetry, SmartScreen can even detect attacks that exploit zero-day vulnerabilities, according to Microsoft.

For example, in December last year, Defender and EMET picked up new exploits that were targeting millions of users through malicious ads, the company said. Those exploits were part of an exploit kit called HanJuan and were targeting a previously unknown vulnerability in Flash Player that was later reported to Adobe and patched.

When SmartScreen blocks drive-by download attacks, it will display a red warning instead of the Web page that the user is trying to access, or inside a frame on that Web page. That's because the technology can selectively block malicious ads loaded inside HTML frames on legitimate websites, while letting users interact with the rest of the content of those websites.

"When drive-by attacks target vulnerabilities that have already been fixed in popular software, your browser, or your operating system, it’s vital that you install security updates when they become available," the Microsoft Edge Team said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments