
Exploit malware family

“Exploits” are written to take advantage of weaknesses (or "vulnerabilities") in software.

Vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability, or confidentiality of the software or the data that it contains. Some of the worst vulnerabilities allow attackers to run malicious code on your computer without your knowledge.

The top three most commonly-detected exploit types are, in order of prevalence:

  • Java

  • HTML/JavaScript

  • Documents (for example, PDF or Word documents)

Prevention

Most vulnerability exploits are preventable. If you keep all your software up to date, you will significantly reduce your chance of being compromised in this way.

The Updating your software page has more information on how and why you need to update vulnerable software.

The most commonly-detected exploits attack vulnerable versions of Java.

To prevent Java infections

You can prevent most Java infections by making sure your Java software is up-to-date, and removing older versions of Java to prevent them being exploited.

You can read about how to do this in the following articles:

To remediate Java malware

The nature of Java exploit infections means that you may need to take some steps to avoid being vulnerable to this and other Java exploits. We suggest you:

How we name exploits

A project called "Common Vulnerability Enumeration" (or "CVE"), used by many vendors and organizations, gives each vulnerability a unique number, for example, "CVE-2013-0422". The portion "2013" refers to the year the vulnerability was discovered, and "0422" is a unique ID for this specific vulnerability. The official source that gives out CVE identifiers lists this at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422.
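As an added example (not part of the original page), the following Python code pulls CVE identifiers out of detection log lines and groups the affected hosts per vulnerability, so one identifier can be tracked across machines. The log format, host names and the identifier CVE-2014-9999999 are constructed for illustration; the code relies on the fact that the number after the year may be longer than four digits.

```python
import re
from collections import defaultdict

# CVE-<year>-<sequence>. The sequence is four OR MORE digits, so a fixed
# \d{4} pattern would silently truncate longer identifiers.
CVE_RE = re.compile(r"(?<![A-Za-z0-9])CVE-(\d{4})-(\d{4,})", re.IGNORECASE)
HOST_RE = re.compile(r"\bhost=(\S+)")
# Lookup URL form quoted on this page.
LOOKUP = "http://cve.mitre.org/cgi-bin/cvename.cgi?name="

# Constructed sample log lines (format, hosts and the 7-digit ID are made up).
SAMPLE_LOG = [
    "2013-01-14 09:12 host=PC-01 detection=Exploit:Java/CVE-2013-0422 path=java-cache",
    "2013-01-14 09:13 host=PC-02 detection=exploit:java/cve-2013-0422 path=java-cache",
    "2014-11-02 17:40 host=PC-03 detection=Exploit:Win32/CVE-2014-9999999 path=attachment",
    "2013-01-15 08:01 host=PC-01 detection=Trojan:Win32/Example path=downloads",
]

def parse_cve(text):
    """Return [(canonical_id, year, sequence)] for each CVE ID in text."""
    found = []
    for m in CVE_RE.finditer(text):
        year, seq = int(m.group(1)), m.group(2)
        if year >= 1999:  # the CVE list starts in 1999; earlier years are noise
            found.append((f"CVE-{year}-{seq}", year, seq))
    return found

def lookup_url(cve_id):
    """Build the reference URL for a canonical CVE ID."""
    return LOOKUP + cve_id

def summarize(lines):
    """Map each CVE ID to the sorted list of hosts whose detections name it."""
    hosts = defaultdict(set)
    for line in lines:
        h = HOST_RE.search(line)
        for cve_id, _, _ in parse_cve(line):
            hosts[cve_id].add(h.group(1) if h else "unknown")
    return {cve: sorted(hs) for cve, hs in sorted(hosts.items())}

if __name__ == "__main__":
    for cve, affected in summarize(SAMPLE_LOG).items():
        print(cve, affected, lookup_url(cve))
```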

Exploit attack overview

Often, an exploit detection on your computer is just one piece of a much larger attack. Attackers rarely try to exploit a single vulnerability; instead, they commonly use an arsenal of exploits against a number of different software products in their attempt to gain access to your computer.

If your security software detects an exploit in your Java cache, it’s likely that an attempt to compromise your computer has been made. This applies to HTML/JavaScript exploits as well.

Note: An exploit detection may be triggered by your antivirus software when you visit a website that contains malicious exploit code—even if you are not using the vulnerable software being targeted. This does not mean that you have been compromised—it means that an attempt to compromise your computer has been made.

Distribution methods

The most common method used by attackers to distribute exploits is through webpages, but exploits may also arrive via email (in an attachment, for instance).

When you visit a website containing malicious code while using vulnerable software, the exploit may be loaded. It’s important to note that some legitimate websites might unknowingly and unwillingly host malicious applets in advertising frames; this means that if you visit a site that is hosting these malicious applets, an attempt to compromise your computer will be made.