Forget Java: Microsoft's Silverlight is now the most vulnerable plugin

Forget Java: Microsoft's Silverlight is now the most vulnerable plugin
According to Cisco's security research, Microsoft's Silverlight is now the most vulnerable and dangerous plugin, surpassing perennial list toppers like Java and Flash.

The web video and interactive content plugin has seen a large increase in attacks from hackers, say the researchers, and while users are now well aware of the dangers of outdated Java software, many have no clue about Silverlight.



"Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October, 2021," says the report.

Current malware attacks "use a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was already patched four months ago, but a majority of users have outdated Silverlight installs. Silverlight, unlike many Microsoft products, does not self-update.

Source:
Electronista

Written by: Andre Yoskowitz @ 23 May 2014 10:49
Tags
security Microsoft Silverlight Plugin
Advertisement - News comments available below the ad
  • 11 comments

  • ddp

    i don't use it as not installed on my computers.

    23.5.2014 12:17 #1

  • Ryoohki

    I think I have it installed. I could be wrong but I could have sworn it's what I use on Amazon's website for the instant video stuff.

    23.5.2014 12:49 #2

  • hearme0

    Netflix for sure uses Silverlight.

    I'm so F'ing anti-java it's not even funny but perhaps MS needs to mandate self-updating for this soon-to-be P.O.S. software.

    23.5.2014 13:25 #3

  • aldan

    no,silverlight does not self update?you get the updates through your windows update.so i guess if you choose automatic updates then silverlight does indeed self update.havent had java for some time now.

    23.5.2014 15:27 #4

  • crkrjak2001

    Since I dropped Netflix, I don't need Silverlight anymore. A quick uninstall for me. I, too dropped Java years ago.

    24.5.2014 07:58 #5

  • KillerBug

    I still use both...Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix). As for flash, it is still the best bet to get porn on mobile devices without waiting more than a couple seconds. It is easy to blame microsoft for making silverlight updates sorta-separate from windows update, but I think it is just as prudent to blame Netflix...they are the ones that forced me to install it, they know what version I am using, and they don't even give me an alert to update. Back when flash was king websites would warn you about an outdated version all the time.

    BTW...if you don't have any specific NEED for Java, then you have probably never written any code; half the IDE's require it.


    25.5.2014 16:56 #6

  • Ripper

    Yeah I still use both; I resented having to adopt Silverlight on principle and more or less "need" Java.

    Quote: Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix). Shift + Alt + Left Click in your Netflix player, Stream Manager > Manually set bandwidth. If that's what you are after anyway.


    25.5.2014 19:57 #7

  • xboxdvl2

    i use silver light for yahoo7 website to watch tv shows i miss.
    the quality on the tv shows online is terrible the buffering takes too long, they be better off going with flash and a more reliable site rather than yahoo.

    i personally would watch them on you tube but aussie tv shows don't make it on you tube or get removed quickly due to copyright & torrents isn't an option unless the show is american.

    custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.

    26.5.2014 09:56 #8

  • KillerBug

    Originally posted by Ripper: Yeah I still use both; I resented having to adopt Silverlight on principle and more or less "need" Java.

    Quote: Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix). Shift + Alt + Left Click in your Netflix player, Stream Manager > Manually set bandwidth. If that's what you are after anyway.     Good to know...if I ever go back to Windows 8 or if Netflix ever enables good browsers I'll have to try that.


    26.5.2014 17:29 #9

  • Mez

    Originally posted by hearme0: Netflix for sure uses Silverlight.

    I'm so F'ing anti-java it's not even funny but perhaps MS needs to mandate self-updating for this soon-to-be P.O.S. software.     The HUGE problem with self updating software is they are compromised by hackers then they have more privileges than even an admin. That I why I don't have any Adobe apps on my computer.

    I have had my air updater compromised.

    30.5.2014 12:13 #10

  • omendata

    It does auto update - perhaps they mean the default install is set to non autoupdate - baton the hatches and update update update - or better still disable disable disable - Java and Silversh***
    >;o)

    If you want to see whats what run the Silverlight.Configuration.exe file in the C:\Program Files\Microsoft Silverlight directory which will probably contain one or more versions of silverlight - My advice is to delete all but the latest and do an update directly from the microsoft sliverlight download site if you really have to - Skygo uses it so if you disable it lots of things aint gonna work anymore!

    30.5.2014 21:20 #11

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud