Microsoft Volume Licensing Blogtwitter

The exploit malware family

Exploits take advantage of weaknesses or “vulnerabilities” in common software, such as Java and Flash.

A vulnerability is like a hole in your software that malware can use to get onto your PC. Malware can then use these vulnerabilities to exploit the way the software works. This then allows the malware to further infect your PC.

Some of the worst exploits allow attackers to run malicious code on your PC without your knowledge.

We categorize exploits in our encyclopedia into the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.


The best prevention for exploits is to keep all of your software up to date.

See our Updating software help page for information on how to keep your software updated, and what you can do to reduce the risk of malware infection your PC.

How exploit attacks work with other malware

Often, an exploit detection on your PC is just one piece of a much larger attack. Malicious hackers often use a large number of exploits to infect your PC with as much malware as they can.

If your security software detects an exploit in your Java cache, it’s likely that an attempt to compromise your PC has been made.

We might alert you about an exploit when you visit a website that contains malicious exploit code even if you aren't using any vulnerable software. This means that the website has tried to infect your PC, whether it was successful or not.

If you ever get alerts about exploits, make sure you run a full scan, just to be on the safe side.

How exploits are distributed

The most common method used by attackers to distribute exploits is through webpages, but exploits can arrive in emails.

Some legitimate websites might unknowingly and unwillingly host malicious code and exploits in their ads.

How we name exploits

A project called "Common Vulnerabilities and Exposures (CVE)" is used by many security software vendors. The project gives each vulnerability a unique number, for example, CVE-2013-0422.

The portion "2013" refers to the year the vulnerability was discovered. The "0422" is a unique ID for this specific vulnerability.

You can read more on the CVE website.