Researchers at the California-based security firm FireEye have taken notice that the Angler browser exploit kit, a malware bundle used by online criminals to methodically penetrate your web browser and your PC, is now able to get past two of Microsoft’s strongest defenses: the Enhanced Mitigation Experience Toolkit and data execution prevention, both of which are routinely used to beef up Windows security.
The bypass has been observed on Windows 7 machines with the Microsoft Silverlight or Adobe Flash Player browser plugin activated. There’s no word on whether the exploit works on Windows 8.1 or Windows 10.
Exploits like this are secretly embedded in malicious or hijacked websites and online ads, attacking visiting web browsers, quickly assessing the version number, plugins and underlying platform of each browser, then refining the malware for the specific browser. After being installed, the exploit kit is free to load all sorts of malware, ransomware, banking Trojans, and more onto your system.
The website describes the way to stay clear of the exploit as simply disabling Adobe Flash Player and Microsoft Silverlight, or setting them to click-to-play.