Forget Java: Microsoft's Silverlight is now the most vulnerable plugin

Written by Andre Yoskowitz @ 23 May 2014 10:49 User comments (11)

According to Cisco's security research, Microsoft's Silverlight is now the most vulnerable and dangerous plugin, surpassing perennial list toppers like Java and Flash.

The web video and interactive content plugin has seen a large increase in attacks from hackers, say the researchers, and while users are now well aware of the dangers of outdated Java software, many have no clue about Silverlight.

"Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October, 2021," says the report.

Current malware attacks "use a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was already patched four months ago, but a majority of users have outdated Silverlight installs. Silverlight, unlike many Microsoft products, does not self-update.

Source:
Electronista

Tags: security Microsoft Silverlight Plugin

<eBay asks 145 million users to change their passwords following cyber attack >Sony: PlayStation 4 very likely to surpass PS2 in profitability

11 user comments

123.5.2014 12:17

ddp

Send private message to this user

Moderator

i don't use it as not installed on my computers.

223.5.2014 12:49

Ryoohki

Send private message to this user

Member

I think I have it installed. I could be wrong but I could have sworn it's what I use on Amazon's website for the instant video stuff.

323.5.2014 13:25

hearme0

Send private message to this user

Senior Member

Netflix for sure uses Silverlight.

I'm so F'ing anti-java it's not even funny but perhaps MS needs to mandate self-updating for this soon-to-be P.O.S. software.

423.5.2014 15:27

aldan

Send private message to this user

Senior Member

no,silverlight does not self update?you get the updates through your windows update.so i guess if you choose automatic updates then silverlight does indeed self update.havent had java for some time now.

This message has been edited since its posting. Latest edit was made on 23 May 2014 @ 3:27

524.5.2014 07:58

crkrjak2001

Send private message to this user

Newbie

Since I dropped Netflix, I don't need Silverlight anymore. A quick uninstall for me. I, too dropped Java years ago.

625.5.2014 16:56

KillerBug

Send private message to this user

AfterDawn Addict

I still use both...Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix). As for flash, it is still the best bet to get porn on mobile devices without waiting more than a couple seconds. It is easy to blame microsoft for making silverlight updates sorta-separate from windows update, but I think it is just as prudent to blame Netflix...they are the ones that forced me to install it, they know what version I am using, and they don't even give me an alert to update. Back when flash was king websites would warn you about an outdated version all the time.

BTW...if you don't have any specific NEED for Java, then you have probably never written any code; half the IDE's require it.

This message has been edited since its posting. Latest edit was made on 25 May 2014 @ 4:58

725.5.2014 19:57

Ripper

Send private message to this user

AfterDawn Addict

Yeah I still use both; I resented having to adopt Silverlight on principle and more or less "need" Java.

Quote:
Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix).

Shift + Alt + Left Click in your Netflix player, Stream Manager > Manually set bandwidth. If that's what you are after anyway.

826.5.2014 09:56

xboxdvl2

Send private message to this user

Senior Member

i use silver light for yahoo7 website to watch tv shows i miss.
the quality on the tv shows online is terrible the buffering takes too long, they be better off going with flash and a more reliable site rather than yahoo.

i personally would watch them on you tube but aussie tv shows don't make it on you tube or get removed quickly due to copyright & torrents isn't an option unless the show is american.

926.5.2014 17:29

KillerBug

Send private message to this user

AfterDawn Addict

Originally posted by Ripper:
Yeah I still use both; I resented having to adopt Silverlight on principle and more or less "need" Java.

Quote:
Netflix is either Silverlight or HTML5...and HTML5 has no bandwidth controls (at least not on netflix).
Shift + Alt + Left Click in your Netflix player, Stream Manager > Manually set bandwidth. If that's what you are after anyway.

Good to know...if I ever go back to Windows 8 or if Netflix ever enables good browsers I'll have to try that.

1030.5.2014 12:13

Mez

Send private message to this user

AfterDawn Addict

Originally posted by hearme0:
Netflix for sure uses Silverlight.

I'm so F'ing anti-java it's not even funny but perhaps MS needs to mandate self-updating for this soon-to-be P.O.S. software.

The HUGE problem with self updating software is they are compromised by hackers then they have more privileges than even an admin. That I why I don't have any Adobe apps on my computer.

I have had my air updater compromised.

1130.5.2014 21:20

omendata

Send private message to this user

Member

It does auto update - perhaps they mean the default install is set to non autoupdate - baton the hatches and update update update - or better still disable disable disable - Java and Silversh***
>;o)

If you want to see whats what run the Silverlight.Configuration.exe file in the C:\Program Files\Microsoft Silverlight directory which will probably contain one or more versions of silverlight - My advice is to delete all but the latest and do an update directly from the microsoft sliverlight download site if you really have to - Skygo uses it so if you disable it lots of things aint gonna work anymore!

Comments have been disabled for this article.

	VLC hits milestone: over 5 billion downloads (16 Mar 2024 4:31) VLC Media Player, the versatile video-software powerhouse, has achieved a remarkable feat: it has been downloaded over 5 billion times. 2 user comments
	Sideloading apps to Android gets easier, as Google settles its lawsuit (19 Dec 2023 11:09) Google settled its lawsuit in September 2023, and one of the settlement terms was that the way applications are installed on Android from outside the Google Play Store must become simpler. In the future, installing APK files will be easier. 8 user comments
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19) Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
	Neato, the robot vacuum company, ends its operations (02 May 2023 3:38) Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028. 5 user comments
	How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25) The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. .... 18 user comments

	Guide: Phone battery drains quickly - how to fix (iPhone / Android) In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
	GUIDE: Wi-Fi speeds are slow? Here are some tips Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues. 1 user comment
	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment
	Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems. 1 user comment

Forget Java: Microsoft's Silverlight is now the most vulnerable plugin

11 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
	Review: Samsung Jet Bot 90 AI+ - a high-end robot vacuum cleaner Samsung's Jet Bot 90 AI+ is a top-class robot vacuum cleaner that can avoid obstacles and empty its own dust container. Here we review the product. 1 user comment
	Samsung Jet Bot 80+ review - excellent robot vacuum cleaner We review Samsung's Jet Bot 80+ robot vacuum cleaner over a period of three months. 1 user comment