Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits
Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.
Such attacks are known as drive-by downloads, because they don’t require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.
To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.
While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they’ve exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.