Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

The technology can now block websites or malicious ads that try to exploit vulnerabilities in popular software

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.

Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.

To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.

While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.

According to Microsoft, this year exploit kit authors have integrated exploits for 4 new vulnerabilities within 30 days after they were patched, for 6 flaws within 10 days, and for 5 before they even had a fix available.

A popular method of targeting users' browsers with exploit kits is through malicious advertisements displayed on popular websites, or malvertising.

While ad networks have been trying to prevent such abuse for years, attackers still manage to find ways around their defenses because of the highly complex nature of the online advertising ecosystem where ads can pass through five or more intermediaries before they reach a user's browser.

With the latest update for Windows 10, Microsoft has extended SmartScreen to block drive-by attacks in Microsoft Edge and Internet Explorer 11, the Microsoft Edge Team said Wednesday in a blog post.

The new capability is based on the security intelligence that Microsoft receives from multiple products such as Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET).

Thanks to this data, which includes behavioral telemetry, SmartScreen can even detect attacks that exploit zero-day vulnerabilities, according to Microsoft.

For example, in December last year, Defender and EMET picked up new exploits that were targeting millions of users through malicious ads, the company said. Those exploits were part of an exploit kit called HanJuan and were targeting a previously unknown vulnerability in Flash Player that was later reported to Adobe and patched.

When SmartScreen blocks drive-by download attacks, it will display a red warning instead of the Web page that the user is trying to access, or inside a frame on that Web page. That's because the technology can selectively block malicious ads loaded inside HTML frames on legitimate websites, while letting users interact with the rest of the content of those websites.

"When drive-by attacks target vulnerabilities that have already been fixed in popular software, your browser, or your operating system, it’s vital that you install security updates when they become available," the Microsoft Edge Team said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?