Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

The technology can now block websites or malicious ads that try to exploit vulnerabilities in popular software

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.

Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.

To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.

While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.

According to Microsoft, this year exploit kit authors have integrated exploits for 4 new vulnerabilities within 30 days after they were patched, for 6 flaws within 10 days, and for 5 before they even had a fix available.

A popular method of targeting users' browsers with exploit kits is through malicious advertisements displayed on popular websites, or malvertising.

While ad networks have been trying to prevent such abuse for years, attackers still manage to find ways around their defenses because of the highly complex nature of the online advertising ecosystem where ads can pass through five or more intermediaries before they reach a user's browser.

With the latest update for Windows 10, Microsoft has extended SmartScreen to block drive-by attacks in Microsoft Edge and Internet Explorer 11, the Microsoft Edge Team said Wednesday in a blog post.

The new capability is based on the security intelligence that Microsoft receives from multiple products such as Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET).

Thanks to this data, which includes behavioral telemetry, SmartScreen can even detect attacks that exploit zero-day vulnerabilities, according to Microsoft.

For example, in December last year, Defender and EMET picked up new exploits that were targeting millions of users through malicious ads, the company said. Those exploits were part of an exploit kit called HanJuan and were targeting a previously unknown vulnerability in Flash Player that was later reported to Adobe and patched.

When SmartScreen blocks drive-by download attacks, it will display a red warning instead of the Web page that the user is trying to access, or inside a frame on that Web page. That's because the technology can selectively block malicious ads loaded inside HTML frames on legitimate websites, while letting users interact with the rest of the content of those websites.

"When drive-by attacks target vulnerabilities that have already been fixed in popular software, your browser, or your operating system, it’s vital that you install security updates when they become available," the Microsoft Edge Team said.

Join the CSO newsletter!

Error: Please check your email address.

More about MicrosoftToolkit

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place