Beth Levin
2018-08-14 10:16:23 -07:00
parent f454c85372
commit 79d514c324
8 changed files with 47 additions and 45 deletions

@ -12,7 +12,7 @@ ms.date: 08/01/2018
---
# Exploits and exploit kits
Exploits take advantage of vulnerabilities in software. A vulnerability is like a hole in your software that malware can use to get onto your PC. Malware exploits these vulnerabilities to bypass your computer's security safeguards to infect your device.
Exploits take advantage of vulnerabilities in software. A vulnerability is like a hole in your software that malware can use to get onto your device. Malware exploits these vulnerabilities to bypass your computer's security safeguards to infect your device.
## How exploits and exploit kits work
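Review bot: In the paragraph under "# Exploits and exploit kits", the replacement swaps "PC" for "device" in the second sentence, but the third sentence still reads "bypass your computer's security safeguards to infect your device". The paragraph now mixes "computer" and "device" and ends two consecutive sentences on "device". Suggest using one term throughout, for example "bypass your device's security safeguards and infect it".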
@ -22,21 +22,24 @@ Exploit kits are more comprehensive tools that contain a collection of exploits.
The most common method used by attackers to distribute exploits and exploit kits is through webpages, but exploits can also arrive in emails. Some websites unknowingly and unwillingly host malicious code and exploits in their ads.
The infographic below shows how an exploit kit might attempt to exploit a PC when a compromised webpage is visited.
The infographic below shows how an exploit kit might attempt to exploit a device when a compromised webpage is visited.
![example of how exploit kits work](./images/ExploitKit.png)
*Example of how exploit kits work*
Several notable threats, including Wannacry, exploit the Server Message Block (SMB) vulnerability CVE-2017-0144 (also called EternalBlue) to launch malware.
Several notable threats, including Wannacry, exploit the Server Message Block (SMB) vulnerability CVE-2017-0144 to launch malware.
Examples of exploit kits:
Prevalent exploit kits include:
- Angler / [Axpergle](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=JS%2fAxpergle)
- [Neutrino](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=JS%2fNeutrino)
- [Nuclear](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Exploit:JS/Neclu)
To learn more about exploits, read this blog post on [taking apart a double zero-day sample discovered in joint hunt with ESET.](https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/)
## How we name exploits
We categorize exploits in our Malware encyclopedia by the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.
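Review bot: On the blog-post line, the sentence's closing period sits inside the link text ("...joint hunt with ESET.](https://cloudblogs.microsoft.com/...)"). Move it outside the closing parenthesis so the punctuation is not part of the link. While the CVE-2017-0144 sentence is being touched, "Wannacry" should be written "WannaCry". With "(also called EternalBlue)" dropped from that sentence, check that no other part of the page uses that name without introducing it.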
@ -48,6 +51,6 @@ You can read more on the [CVE website](https://cve.mitre.org/).
## How to protect against exploits
The best prevention for exploits is to keep your organization's software up-to-date. Software vendors provide updates for many known vulnerabilities and making sure these updates are applied to all devices is an important step to prevent malware.
The best prevention for exploits is to keep your organization's [software up to date](https://portal.msrc.microsoft.com/). Software vendors provide updates for many known vulnerabilities and making sure these updates are applied to all devices is an important step to prevent malware.
For more general tips, see [prevent malware infection](prevent-malware-infection.md).
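Review bot: In the "How to protect against exploits" paragraph, the new link text "software up to date" points at https://portal.msrc.microsoft.com/, which is a Microsoft portal, while the sentence and the one after it talk about software vendors in general. A reader following the link for a third-party product will not find its updates there. Suggest either making the link text specific (for example "Microsoft security updates") or moving the link into its own sentence. The second sentence also needs a comma before "and making sure".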