Microsoft Silverlight Vulnerability Leads To Malware Infections

Microsoft sign

Do you have Silverlight installed on your computer? The Microsoft product, similar to Adobe Flash, is used for running internet applications, most notably the streaming video client on Netflix. Subscribers alone account for 40-million Silverlight users worldwide. As Zeljka Zorz of HelpNet Security reports, all of these users are at risk of becoming a victim of a malware attack that exploits a critical vulnerability in Silverlight.

The malware, which could allow remote code execution, finds it way onto your machine when you visit an infected website. This website could be specifically set-up by hackers to infect unsuspecting users, it could be a compromised site that’s infecting users without the owners knowledge, or a site that allows user submitted content.

When you land on one of these websites, an Angler exploit kit, which is a tool used by hackers, determines what version of Silverlight you have installed. It determines whether you are vulnerable to an attack and, if so, the malware is downloaded to your computer.

The reason the Angler is needed is because Microsoft has already released a patch that fixes the security flaw being exploited. However, a number of users fail to update and are still using out-dated versions of Silverlight. If you’re using Silverlight, be sure you update to close vulnerabilities that could otherwise lead to a malware infection. If you don’t use Silverlight, but have it installed, you can remove it completely to protect yourself from this attack.

This is another example of why it’s important to keep all applications up to date and install each patch when it’s released. Enabling automatic updates for trusted applications makes this job easier.

If you have experienced a malware attack and your computer’s performance is suffering, bring your machine to Geek Rescue or call us at 918-369-4335.

November 19th, 2013