Microsoft Updates SmartScreen To Protect Internet Explorer, Edge Users From Drive-By Attacks

Since its introduction in Internet Explorer 7, Microsoft has helped keep users safe from malware and browser hijacks with SmartScreen. The company went on to introduce SmartScreen as a feature of Windows itself, able to detect malicious software, or at least warn people that software about to be installed is an unknown to the company.

Smartscreen Protection

Now, the company has updated Internet Explorer 11 and Edge with a SmartScreen feature that will help protect users from so-called "drive-by" attacks. Drive-by refers to the fact that the attacks can come out of nowhere, and even initiate on a legitimate website. They could trigger through a Flash element, for example, or some piece of JavaScript. Microsoft already is able to detect known drive-by techniques, but this SmartScreen evolution could potentially protect against unknown ones, as well.

This update could prove very important, as Microsoft has noticed that vulnerabilities are now exploited faster than ever, as the below graph highlights.

Time to Exploit Trends

That's why being able to detect 0-days before they're even called 0-days is key. Microsoft relays that it's already managed to pull this kind of preventative protection off:

The threat, broadly referred to as the HanJuan EK, was detected by SmartScreen’s exploit intelligence systems. As we dug into the data, we discovered the attack was actually leveraging a new 0-day exploit in Adobe Flash player, meaning that SmartScreen intelligence systems were detecting this attack even before it was identified as a new 0-day exploit. We reported the issue privately to Adobe (CVE-2015-0313) and a patch was developed and shipped.

Up to this point, if Microsoft detected a webpage with malicious elements, it would block the entire thing. Now, SmartScreen can single-out the element by highlighting it, but allow the rest of the page's content to load. This sounds potentially very useful.

At the moment, these updates are exclusive to Windows 10, but Microsoft notes that Windows 7 / 8 updates are en route.


Via:  Windows Blog
Show comments blog comments powered by Disqus