A potentially dangerous and known Microsoft Silverlight vulnerability allows hackers to enter a system on both Windows and Mac.
The vulnerability found in Microsoft Silverlight has been used in the deployment of the Angler exploit kit that has compromised computer systems globally.
The exploit means hackers are able to infect a system and take control of it, hijacking system administrators on the two premier PC platform providers.
Microsoft Silverlight, the company’s application framework for building software, is noted for security, but the rare exploit is an open door for hackers.
Once a popular tool, Silverlight was discontinued by Microsoft in 2013, aside from the company continuing to offer bug fixes and patches.
The Adobe Flash alternative is still widely used though, with compatibility on all major web browsers, including Google Chrome, Firefox, and of course Internet Explorer. The exploit was spotted by Kaspersky, during a hacking team data breach that revealed numerous exploits for several services that were not previously known.
At the time of the discovery in January, Kaspersky noted:
“It’s a big deal; Silverlight vulnerabilities don’t come around that often. Exploitation of the zero-day itself is fairly technical, but once a proof-of-concept falls into the hands of someone who knows what they’re doing and reverse engineers the patch, it’s not that difficult to produce a weaponized version of it.“
The Angler kit has become a popular and easy to implement hacking tool. It lies in wait, typically on internet landing pages, waiting for a click to install itself on a victim system, giving the hacker control at an administrative level. A recent landing page code found that Angler kit is using Silverlight as an open door into unprotected computers.
TeslaCrypt Malware is placed on the system, a thoroughly frustrating ransomware that locks files and makes the machine useless. Users are then told they must pay virtual currency to have their files unlocked and their computer released.
The Microsoft Silverlight exploit is only an issue for outdated versions of the service, with computers boasting the latest 5.1.41212.0 patch version found to be safe. With that in mind, it is highly recommended that people with older Silverlight versions update to the newest build.
SOURCE: Malware: Don’t Need Coffee via ZDNET