BREAKING NEWS: Windows Defender Advanced Threat Protection (Windows Defender ATP) to include AI-driven automated investigation and remediation capabilities later this year.Learn more
Exploits take advantage of weaknesses or “vulnerabilities” in common software, such as Java and Adobe Flash.
A vulnerability is like a hole in your software that malware can use to get onto your PC. Malware can use these vulnerabilities to exploit the way the software works and further infect your PC.
Some of the worst exploits allow attackers to run malicious code on your PC without your knowledge.
We categorize exploits in our encyclopedia by the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.
The best prevention for exploits is to keep all of your software up-to-date.
See our Updating software help page for information on how to keep your software updated, and what you can do to reduce the risk of malware infection your PC.
How exploit attacks work with other malware
Often, an exploit detection on your PC is just one piece of a much larger attack. Malicious hackers can use a large number of exploits to infect your PC with as much malware as they can. Attackers might use an exploit kit to find vulnerabilities on your PC, which they can then try to exploit.
If your security software detects an exploit in your Java cache, it’s likely that an attempt to compromise your PC has been made.
We might alert you about an exploit when you visit a website that contains malicious exploit code even if you aren't using any vulnerable software. This means that the website tried to infect your PC, it doesn't mean it was successful.
If you ever get alerts about exploits, make sure you run a full scan, just to be on the safe side.
What are exploit kits?
After exploding in the past couple of years, ransomware encounters seem to have begun to decline. However, this trend is not a reflection of the email and exploit kit campaigns that try to install ransomware on computers. Rather, it is a sign of better blocking of attacks by security software like Windows Defender Antivirus. All in all, millions of computers still encountered ransomware in 2016.
Exploit kits are tools that check your PC for software vulnerabilities that they can then try to exploit. They usually use a variety of exploits to attack your PC.
Prevalent exploit kits include:
These kits can use exploits targeting a variety of software, including Adobe Flash Player, Adobe Reader, Internet Explorer, Oracle Java and Sun Java.
The infographic below shows how an exploit kit might attempt to exploit your PC when you visit a compromised webpage:
How exploits are distributed
The most common method used by attackers to distribute exploits and exploit kits is through webpages, but exploits can also arrive in emails.
Some legitimate websites unknowingly and unwillingly host malicious code and exploits in their ads.
How we name exploits
A project called "Common Vulnerabilities and Exposures (CVE)" is used by many security software vendors. The project gives each vulnerability a unique number, for example, CVE-2016-0778.
The portion "2016" refers to the year the vulnerability was discovered. The "0778" is a unique ID for this specific vulnerability.
You can read more on the CVE website.