An exploit affecting Microsoft Silverlight 5 is live and infecting PCs that visit compromised or malicious websites. Developed by Microsoft, Silverlight is a framework for rich Internet applications and in many ways can be compared to Flash, although the latter has become more dominant. The flaw, which exists in versions prior to 5.1.20125.0, allows attackers to execute arbitrary code on affected systems without any user interaction. Microsoft patched the flaw (CVE-2013-0074) on March 12, 2013. The Silverlight exploit was first spotted in the Angler exploit kit by and later. The screenshot below summarizes the attack.

(Screenshot courtesy of Kafeine.)

Upon landing on the exploit page, the Angler exploit kit will determine if Silverlight is installed and which version is running.
If the conditions are right, a specially crafted library is triggered to exploit the Silverlight vulnerability. As with all exploit kits, leveraging vulnerabilities is just an intermediary step toward the real motive: pushing malware onto the victims' machines. The Silverlight web plugin is not installed by default but is required to view content on certain websites. As pointed out by, Netflix, which has, requires Silverlight for its paid streaming video service. Netflix requires Silverlight:
Silverlight is the browser plug-in that allows you to watch TV shows and movies on your computer. Follow the steps below to install the Silverlight plug-in on your Mac computer. Open Netflix and select any title to play. When a Silverlight dialog box opens, select Install Now. Open the Downloads page and double-click on Silverlight.dmg.
That’s about 40 million potential victims for the Silverlight exploit in Angler EK. — Timo Hirvonen (@TimoHirvonen) If you want to watch, you will need to use Silverlight. “If you do not already have Microsoft Silverlight plug-in installed, you will be prompted to download and install the free plug-in for your web browser. Just follow the instructions to get started,” says Netflix. Fortunately, those who do not have the plugin yet will be redirected to download the latest (and safe) version.
However, those who already have an older version of Silverlight can still watch Netflix and may not be aware that their computers are at risk. Please ensure that you are running the latest version available (5.1.20913.0) and that it is set to install updates automatically. We can expect this CVE to be integrated into other exploit kits soon, so it is important to make sure you patch all your machines now. Even if you don’t watch Netflix, you may have installed Silverlight in the past and forgotten about it. If you don’t need Silverlight (or other plugins), simply remove it altogether, as that will help reduce your attack surface. Jerome Segura is a senior security researcher at Malwarebytes.
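The version thresholds in this post (fixed in 5.1.20125.0, latest 5.1.20913.0) are the kind of thing an administrator wants to check across a fleet rather than one machine at a time. The following is an added example, not code from the original post or from Malwarebytes, showing how to classify an inventory of installed Silverlight versions against those two builds. The host names and version inventory are constructed sample data; how you collect the installed version (registry, management agent, plugin enumeration) is outside the example and assumed to be done elsewhere.

```python
from typing import Dict, List, Optional, Tuple

# Versions stated in the post: the CVE-2013-0074 fix shipped in 5.1.20125.0,
# and 5.1.20913.0 was the latest available build at the time of writing.
FIXED_VERSION = "5.1.20125.0"
LATEST_VERSION = "5.1.20913.0"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted build string such as '5.1.20125.0' into a tuple of ints.

    Comparing integer tuples avoids the classic mistake of comparing version
    strings lexicographically (where a shorter field like '9999' would sort
    above '20125'). Malformed input raises rather than silently comparing.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b.

    Fields are zero-padded to the same length so '5.1.20125' == '5.1.20125.0'.
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_vulnerable(installed: str) -> bool:
    """True if the installed build predates the CVE-2013-0074 fix."""
    return compare_versions(installed, FIXED_VERSION) < 0


def is_current(installed: str) -> bool:
    """True if the installed build is at least the latest available build."""
    return compare_versions(installed, LATEST_VERSION) >= 0


def audit(inventory: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Classify hosts by Silverlight exposure.

    inventory maps a host name to its installed Silverlight version, or None
    when the plugin is not installed at all. Hosts in 'vulnerable' should be
    patched or have the plugin removed; 'outdated' hosts are past the fix but
    behind the latest build and should have automatic updates enabled.
    """
    result: Dict[str, List[str]] = {
        "not_installed": [], "vulnerable": [], "outdated": [], "current": []
    }
    for host, version in sorted(inventory.items()):
        if version is None:
            result["not_installed"].append(host)
        elif is_vulnerable(version):
            result["vulnerable"].append(host)
        elif is_current(version):
            result["current"].append(host)
        else:
            result["outdated"].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and builds, for illustration).
SAMPLE_INVENTORY: Dict[str, Optional[str]] = {
    "ws01": "5.1.20913.0",   # latest build
    "ws02": "5.1.20125.0",   # exactly the fixed build, but not the latest
    "ws03": "5.1.10411.0",   # predates the fix
    "ws04": "5.0.61118.0",   # predates the fix
    "ws05": None,            # Silverlight not installed
}

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket:>13}: {', '.join(hosts) or '-'}")
```

Feeding real data in means replacing SAMPLE_INVENTORY with whatever your endpoint management tooling reports for the plugin version; the classification logic itself does not change.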