Microsoft Volume Licensing Blogtwitter

The exploit malware family

Exploits take advantage of weaknesses or “vulnerabilities” in common software, such as Java and Flash.

A vulnerability is like a hole in your software that malware can use to get onto your PC. Exploits are written to take advantage of these vulnerabilities.

Some of the worst exploits allow attackers to run malicious code on your PC without your knowledge.

The three most common exploit types are:

  • Java

  • HTML/JavaScript

  • Documents (for example, PDF or Word documents)


Most vulnerabilities are preventable. You will significantly reduce your chance of being infected by an exploit if you keep all your software up to date.

The most commonly detected exploits are those that attack vulnerable versions of Java.

You can prevent most Java exploits by making sure your software is up to date and removing older versions of Java.

How exploit attacks work with other malware

Often, an exploit detection on your PC is just one piece of a much larger attack. Hackers usually use a large number of exploits against different software to gain access to your PC.

If your security software detects an exploit in your Java cache, it’s likely that an attempt to compromise your PC has been made. This applies to HTML/JavaScript exploits as well.

An exploit detection may be triggered by your antivirus software when you visit a website that contains malicious exploit code - even if you are not using the vulnerable software being targeted. This does not mean that you have been compromised. It means that an attempt to compromise your PC has been made.

How exploits are distributed

The most common method used by attackers to distribute exploits is through webpages, but exploits may also arrive by email.

When you visit a website with malicious code while using vulnerable software, the exploit may be loaded. It’s important to note that some legitimate websites might unknowingly and unwillingly host malicious code in their advertising. This means that if you visit a site that is hosting these malicious ads an attempt to compromise your PC will be made.

How we name exploits

A project called "Common Vulnerabilities and Exposures (CVE)" is used by many security software vendors. The project gives each vulnerability a unique number, for example, CVE-2013-0422.

The portion "2013" refers to the year the vulnerability was discovered. The "0422" is a unique ID for this specific vulnerability.

You can read more on the CVE website.