Keep your Microsoft Silverlight plugin updated as exploits are on the rise

Ron

Keep your Microsoft Silverlight plugin updated as exploits are on the rise

If you are running an outdated version of Microsoft Silverlight, now might be a good time to update it. According to a new data from Cisco, Silverlight exploits are on the rise. If you happen to use Netflix, you are likely using Silverlight.

Netflix runs in web browsers with the help of Microsoft Silverlight, a plugin that is not necessiarly safe from security issues which can be exploited by attackers. In fact, a new “drive-by” exploit is being utilized to target Silverlight’s vulnerabilitites and install malicious software on the victim’s computer. These attacks were accompanied by attacks that also targeted Adobe’s Flash player, but did not touch Oracle’s Java framework, even though it is a widely targeted platform for attackers.

The way this attack works is simple yet complex. The attackers infiltrate the networks of AppNexus, a New York based online advertising company, in order to spread malicious ads across the internet. If one of these ads are clicked, the victim gets redirected to another malicious banner ad. From there, the victim gets redirected to a website where a malware package called the “Angler exploit kit” attacks the victim’s browser with numerous attacks. When one of the attacks is successful, it infects the browser with malware. This is called a “drive-by” attack.

“Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic being driven to Angler instances partially using Silverlight exploits. In fact in this particular Angler campaign, the attack is more specifically targeted at Flash and Silverlight vulnerabilities and though Java is available and an included reference in the original attack landing pages, it’s never triggered,” the report stated.

You can hit the VIA link below to read the full report from Cisco. Make sure you have the latest update to Silverlight installed. If not, hit the download link below to grab the latest version of Silverlight.