Windows 7 exploit able to get past Microsoft's best defenses

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Windows 7 featured image

Researchers at the California-based security firmĀ  FireEye have taken notice that the Angler browser exploit kit, a malware bundle used by online criminals to methodically penetrate your web browser and your PC, is now able to get past two of Microsoft’s strongest defenses: the Enhanced Mitigation Experience Toolkit and data execution prevention, both of which are routinely used to beef up Windows security.

The bypass has been observed on Windows 7 machines with the Microsoft Silverlight or Adobe Flash Player browser plugin activated. There’s no word on whether the exploit works on Windows 8.1 or Windows 10.

Exploits like this are secretly embedded in malicious or hijacked websites and online ads, attacking visiting web browsers, quickly assessing the version number, plugins and underlying platform of each browser, then refining the malware for the specific browser. After being installed, the exploit kit is free to load all sorts of malware, ransomware, banking Trojans, and more onto your system.

The website describes the way to stay clear of the exploit as simply disabling Adobe Flash Player and Microsoft Silverlight, or setting them to click-to-play.

User forum

11 messages