Mitigating Malvertising and AI-Driven Threats: Windows Security in 2025

This week’s wave of security headlines delivered a clear, uncomfortable message for Windows admins and security teams: the internet’s trust fabric is fraying in ways that let attackers hide inside legitimate flows — and Microsoft’s own infrastructure, link‑wrapping services, and even patch releases have become part of the battleground. A sophisticated malvertising campaign launders phishing links through trusted wrappers and legitimate redirects to steal Microsoft 365 credentials; Microsoft Research unveiled Project Ire, an LLM‑driven autonomous reverse‑engineering agent that promises signature‑free malware classification; and a botched August update forced Microsoft to rush an out‑of‑band fix after recovery functions like “Reset this PC” were rendered unusable. Together these developments expose both technological progress and fragile operational seams that IT teams must address immediately. (cloudflare.com) (microsoft.com) (windowscentral.com)

Background: why this moment matters​

Organizations rely on a layered trust model: reputable domains, email security providers, link‑rewriters, and identity providers all serve as signals that a request is safe. Attackers increasingly weaponize that trust rather than trying to defeat it directly. Two related trends converge here:

• The rise of URL‑first phishing and malvertising — attackers prefer malicious links, redirect chains and AiTM (Adversary‑in‑the‑Middle) proxies to blunt attachment‑based detection and bypass MFA. Security vendors report billions of URL‑based threats and major increases in phishing kits and PhaaS offerings that democratize high‑quality phishing. (itpro.com)
• The adoption of automation and AI in detection — vendors and defenders alike are turning to large models and automation to scale triage and analysis. Microsoft’s Project Ire is a high‑profile example that attempts to automate reverse engineering and produce human‑quality verdicts without traditional signatures. (microsoft.com)

That combination — more convincing phishing delivered through legitimate channels, and defenders trying to scale with AI — creates both new defensive capabilities and new attack surfaces. The incidents this week make that duality plain: attackers used trusted wrappers and Microsoft auth flows to hide phishing, while defenders must decide how and when to integrate AI agents like Project Ire into operational controls. (csoonline.com)

---

Malvertising meets office.com: the attack pattern​

How the campaign works, step by step​

The malvertising/redirect phishing technique combines several tactics into a single, reliable attack chain:

• Delivery via malvertising or sponsored search ads — bad actors buy ad placements or sponsor search results that look relevant (typo squats such as “Office 265”) and attract clicks. The initial click lands on an innocuous‑looking intermediary and often uses a URL shortener. (computing.co.uk)
• URL shortening and link wrapping — the shortened link is then passed through legitimate email/security vendor wrappers (for example, Proofpoint’s urldefense or Intermedia’s wrappers). Wrappers normally rewrite URLs to approved domains so clicks are scanned; in this campaign they serve to launder the malicious destination and increase user trust. (cloudflare.com, proofpoint.com)
• Multi‑hop redirects — the wrapped link redirects through a chain of domains (sometimes five or more hops), including major platforms or ad trackers, before landing on a phishing portal. The chain and presence of trusted domains make automated scanners and users less suspicious. (cloudflare.com)
• Abuse of ADFS / tenant redirect logic — in particularly advanced operations, attackers create a Microsoft tenant configured with ADFS or otherwise leverage Microsoft redirect flows so that the initial URL appears to originate from office.com or outlook.office.com before forwarding to the attacker’s credential‑harvest site. That makes the link appear even more trustworthy and can defeat common URL‑based defences. (pushsecurity.com, computing.co.uk)
• Credential or session capture — the final page collects credentials and may use an AiTM proxy or real‑time interception of MFA prompts, letting attackers harvest session cookies or one‑time codes to bypass defenders. These harvested tokens can be used for immediate account takeover or replayed later. (proofpoint.com)

This chain is effective because it subverts both human expectations (trusted domain names and branded wrappers) and automated checks (URL lookups often stop at the wrapper and don’t re‑evaluate the full redirect chain). Cloudflare and several industry teams documented campaigns that explicitly abused Proofpoint and Intermedia wrappers in June–July 2025. (cloudflare.com)

Why the campaign is harder to detect​

• Vendor wrappers create a false positive signal — security tools and users are trained to treat wrapper domains as safe, so initial scans may dismiss the click as benign. (cloudflare.com)
• Redirect chains defeat sandboxing — many analysis environments timeout or only allow limited navigation depth, so multi‑hop chains can avoid being fully executed during automated analysis.
• ADFS/tenant redirects mimic legitimate auth flows — by using Microsoft’s own tenant and SSO configuration, attackers can trigger familiar login screens and capture credentials with a much higher click‑through and conversion rate. Push Security and others warned about adversaries creating Microsoft tenants and configuring ADFS to enable these redirect sequences. (pushsecurity.com, itpro.com)

---

Real‑world impact and scale​

Security telemetry and vendor reports show this is not a niche test — large numbers of organizations were impacted by related AiTM and link‑wrapping campaigns earlier in 2025. Proofpoint’s research documented thousands of organizations targeted by AiTM kits; Cloudflare and other researchers confirmed multiple campaigns exploiting link wrappers; and security teams observed high success rates when malvertising lures were used instead of email alone. The result is rapid account takeover, lateral phishing from compromised internal accounts, and business email compromise (BEC) at scale. (proofpoint.com, cloudflare.com, tomsguide.com)

---

Project Ire: what Microsoft announced and what it means​

What Project Ire is​

Project Ire is Microsoft Research’s prototype autonomous malware classification system that combines LLM reasoning with established reverse‑engineering tools. It orchestrates decompilers, control‑flow reconstruction, and binary analysis frameworks to produce a human‑readable “chain of evidence” and a classification verdict without relying on traditional AV signatures. Microsoft published the prototype’s performance numbers: very high precision in controlled tests and promising results when used against “hard” files that previously required manual review. (microsoft.com)

Reported performance​

• Precision on public Windows driver datasets: reported at 0.98 in initial tests and 0.89 in tougher, real‑world trials.
• Recall varies by dataset and task: Microsoft notes recall was significantly lower on the most challenging “hard” files used in manual triage (recall as low as the mid‑20% range in some tests), meaning Ire found fewer of the total malware instances but was usually correct when it did flag something. (microsoft.com, csoonline.com)

Strengths: what Project Ire brings to defenders​

• Scalable reverse engineering: automates a labor‑intensive human task and reduces backlog in SOCs and triage teams.
• High precision and low false positives: early results suggest few false alarms, which reduces alert fatigue.
• Actionable explanations: the system produces reproducible analysis traces suitable for human review and for justifying automatic blocking in controlled scenarios. (microsoft.com, csoonline.com)

Risks and limitations​

• Recall gap on novel, highly obfuscated samples: Project Ire’s recall in the hardest real‑world tests was modest, meaning it may not catch every sophisticated threat on first pass. Relying solely on it as a single detector would be risky. (microsoft.com)
• Adversarial samples and model brittleness: attackers can deliberately craft binaries or runtime behaviors designed to confuse decompilers or LLM reasoning, increasing the chance of missed detections or misclassifications.
• Operational integration and governance: autonomous blocking decisions must be carefully governed to avoid disrupting benign software or critical updates; human‑in‑the‑loop validation is still necessary in high‑risk environments. (csoonline.com)
• Supply chain and tooling reliance: Project Ire integrates third‑party tooling (e.g., angr). Any flaws or licensing changes in these components could affect the overall system’s reliability and reproducibility. (microsoft.com)

In short, Project Ire is a major step toward automating deep malware analysis, but it should be viewed as a powerful augmentation to skilled analysts rather than a silver bullet. Organizations should pilot such systems in detection augmentation roles and maintain rigorous validation processes before using autonomous blocking in production. (microsoft.com, csoonline.com)

---

The botched August update and recovery headaches​

In a separate but equally urgent track, Microsoft shipped August updates that introduced serious user impact: some systems experienced SSD disappearance or data loss, and recovery features like “Reset this PC” and “Fix problems using Windows Update” were disabled on affected Windows 10 and Windows 11 versions. Microsoft issued an out‑of‑band (OOB) update — KB5066189 for Windows 11 and KB5066188 for Windows 10 — to remediate the recovery regression; these optional cumulative updates replaced the problematic KB5063875 initial roll‑out. Users and admins were advised to install the corrected OOB patch rather than the original faulty release. (windowscentral.com, techradar.com, itpro.com)
Practical implications for IT:

• Recovery tools are a last line of defense for troubleshooting; losing them complicates incident response and increases risk when remediating compromised endpoints.
• The episode reinforces the need for update‑testing windows and phased rollouts in production environments, particularly for broad enterprise deployments.
• Admins should verify patch KB numbers and build numbers in their update management consoles before pushing fixes widely. (windowscentral.com)

---

What defenders should do now — recommended actions​

The cocktail of malvertising + trusted redirect abuse + AI‑driven detection changes the playbook. The following set of prioritized actions helps mitigate immediate risk while preparing for longer‑term resilience.

High‑priority immediate steps (urgent)​

• Harden authentication and sessions:
• Enforce Conditional Access policies that require device compliance and location checks for sensitive sign‑ins.
• Shorten token lifetimes where possible and disable non‑essential fallback MFA methods (SMS, email) for high‑privilege accounts. (techradar.com)
• Monitor and hunt for suspicious redirects:
• Add SIEM hunts for clicks that reference wrapper domains (urldefense.proofpoint.com, intermedia wrappers) followed by odd outbound redirects.
• Create alerts for unusual ADFS tenant redirects or tenant names referenced in sign‑in logs. (cloudflare.com, pushsecurity.com)
• Patch and apply the OOB fixes:
• For affected clients, prefer the Microsoft OOB updates KB5066189 (Windows 11) and KB5066188 (Windows 10) over the original KB5063875 until fully validated. Test on a small cohort first. (windowscentral.com, techradar.com)
• Revoke sessions and credentials after suspected compromise:
• If an account is suspected, revoke refresh tokens, force password resets, and verify MFA enrollment. Logins should be investigated for suspicious IPs and user agent strings. (proofpoint.com)

Configurations and controls (near term)​

• Implement browser isolation for high‑risk users and sensitive browsing to stop multi‑hop redirect chains from executing locally.
• Configure URL scanning to evaluate the full redirect path rather than stopping at wrapper domains; require real‑time inspection at the last hop where feasible. (cloudflare.com)
• Disable legacy ADFS where possible and migrate to Microsoft Entra ID/Azure AD with modern conditional access. If ADFS must remain, monitor for unusual tenant registrations and suspicious redirect parameters. (itpro.com, pushsecurity.com)

Training, process and people​

• Educate end users on the new malvertising tactics: treat unexpected voicemail, Teams, or “shared document” links with skepticism even when they appear to come from trusted wrappers.
• Update incident playbooks to include procedures for dealing with AiTM credential captures (revoke sessions, force re‑authentication, check sign‑in logs).
• Coordinate with email security vendors: request logs of wrapped URL clicks and threat telemetry; consider temporary policies to add additional inspection for wrapped links. (proofpoint.com, cloudflare.com)

---

Policy, governance and the future of trust​

The attacks this week expose a policy challenge as much as a technical one: how should defenders treat the decision to rely on third‑party wrappers and vendor‑rewritten URLs? When protective features become attack vectors, organizations must re‑examine assumptions baked into their controls.

• Contract and SLAs: demand telemetry and faster reaction windows from email security vendors; ask for the ability to automatically re‑evaluate wrapped URLs across the full redirect chain.
• Risk acceptance and testing: adopt staged rollouts for OS updates and maintain recovery readiness; test “Reset this PC” and other rarely used recovery paths during your patch QA cycles so regressions are caught before wide deployment. (itpro.com, windowscentral.com)
• AI governance: if integrating Project Ire–style agents into detection pipelines, enforce clear human review thresholds for autonomous blocking and maintain auditable decision trails. Project Ire’s chain‑of‑evidence model is promising, but governance ensures it becomes an augmenting, not replacing, control. (microsoft.com)

---

Final analysis — balancing speed, trust and resilience​

The week’s headlines paint a familiar yet accelerating picture: attackers are re‑using the defenders’ strengths — trusted domains, familiar login flows, and vendor‑provided safety features — as camouflage. That makes social engineering more effective and automated detection more brittle. At the same time, defenders are gaining powerful new tools: autonomous reverse engineering, improved telemetry, and more sophisticated SIEM hunts. The net effect is a dynamic arms race where operational discipline — short token lifetimes, careful update testing, layered telemetry — matters as much as any single technology.
Project Ire is an important advance in scaling expert analysis and could materially shrink analyst backlog and speed detection of novel threats. However, its recall limitations and the fundamental complexity of binary analysis mean it should be deployed with human checks and strict governance. Meanwhile, the link‑wrapping and ADFS abuses are a reminder that trust is contextual: trusted domains do not equal trusted intent. Immediate steps — token hardening, redirect path inspection, browser isolation, and careful patch management — will blunt the current campaigns while buying time to adopt more resilient identity and detection practices.
The frontline takeaway for IT teams is straightforward and urgent: assume your users will be targeted through legitimate‑looking routes, assume attackers can and will weaponize vendor features, and act now to reduce token lifetime, tighten conditional access, inspect full redirect paths, and validate any autonomous detection systems before granting them the power to block without human oversight. The week’s incidents are both a warning and an opportunity: when defenders pair rigorous operational controls with the smart use of AI tools, the balance can shift back toward defenders — but only if the basics aren’t neglected in the rush for new capabilities. (cloudflare.com, microsoft.com)

---

Source: Petri IT Knowledgebase Malvertising Meets Office.com: Why Microsoft Is Urging You to Watch Those Links - Petri IT Knowledgebase