AfterDawn: Tech news

Forget Java: Microsoft's Silverlight is now the most vulnerable plugin

Written by Andre Yoskowitz (Google+) @ 23 May 2014 10:49 User comments (11)

Forget Java: Microsoft's Silverlight is now the most vulnerable plugin According to Cisco's security research, Microsoft's Silverlight is now the most vulnerable and dangerous plugin, surpassing perennial list toppers like Java and Flash.
The web video and interactive content plugin has seen a large increase in attacks from hackers, say the researchers, and while users are now well aware of the dangers of outdated Java software, many have no clue about Silverlight.

"Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October, 2021," says the report.

Current malware attacks "use a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was already patched four months ago, but a majority of users have outdated Silverlight installs. Silverlight, unlike many Microsoft products, does not self-update.

Source:
Electronista

More news

Previous Next

Related news

 

11 user comments

123.5.2014 12:17

i don't use it as not installed on my computers.

223.5.2014 12:49

I think I have it installed. I could be wrong but I could have sworn it's what I use on Amazon's website for the instant video stuff.

323.5.2014 13:25

Netflix for sure uses Silverlight.

I'm so F'ing anti-java it's not even funny but perhaps MS needs to mandate self-updating for this soon-to-be P.O.S. software.

423.5.2014 15:27

no,silverlight does not self update?you get the updates through your windows update.so i guess if you choose automatic updates then silverlight does indeed self update.havent had java for some time now.

This message has been edited since its posting. Latest edit was made on 23 May 2014 @ 15:27

524.5.2014 7:58

Since I dropped Netflix, I don't need Silverlight anymore. A quick uninstall for me. I, too dropped Java years ago.

625.5.2014 16:56

I still use both...Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix). As for flash, it is still the best bet to get porn on mobile devices without waiting more than a couple seconds. It is easy to blame microsoft for making silverlight updates sorta-separate from windows update, but I think it is just as prudent to blame Netflix...they are the ones that forced me to install it, they know what version I am using, and they don't even give me an alert to update. Back when flash was king websites would warn you about an outdated version all the time.

BTW...if you don't have any specific NEED for Java, then you have probably never written any code; half the IDE's require it.

This message has been edited since its posting. Latest edit was made on 25 May 2014 @ 16:58


725.5.2014 19:57

Yeah I still use both; I resented having to adopt Silverlight on principle and more or less "need" Java.

Quote:
Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix).
Shift + Alt + Left Click in your Netflix player, Stream Manager > Manually set bandwidth. If that's what you are after anyway.


826.5.2014 9:56

i use silver light for yahoo7 website to watch tv shows i miss.
the quality on the tv shows online is terrible the buffering takes too long, they be better off going with flash and a more reliable site rather than yahoo.

i personally would watch them on you tube but aussie tv shows don't make it on you tube or get removed quickly due to copyright & torrents isn't an option unless the show is american.


custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.

926.5.2014 17:29

Originally posted by Ripper:
Yeah I still use both; I resented having to adopt Silverlight on principle and more or less "need" Java.

Quote:
Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix).
Shift + Alt + Left Click in your Netflix player, Stream Manager > Manually set bandwidth. If that's what you are after anyway.
Good to know...if I ever go back to Windows 8 or if Netflix ever enables good browsers I'll have to try that.


1030.5.2014 12:13

Originally posted by hearme0:
Netflix for sure uses Silverlight.

I'm so F'ing anti-java it's not even funny but perhaps MS needs to mandate self-updating for this soon-to-be P.O.S. software.
The HUGE problem with self updating software is they are compromised by hackers then they have more privileges than even an admin. That I why I don't have any Adobe apps on my computer.

I have had my air updater compromised.

1130.5.2014 21:20

It does auto update - perhaps they mean the default install is set to non autoupdate - baton the hatches and update update update - or better still disable disable disable - Java and Silversh***
>;o)

If you want to see whats what run the Silverlight.Configuration.exe file in the C:\Program Files\Microsoft Silverlight directory which will probably contain one or more versions of silverlight - My advice is to delete all but the latest and do an update directly from the microsoft sliverlight download site if you really have to - Skygo uses it so if you disable it lots of things aint gonna work anymore!

Comments have been disabled for this article.

News archive