Users of Silverlight, Microsoft’s answer to Adobe Flash, are in danger of having malware installed on their computers and being none the wiser, as an exploit for a critical vulnerability (CVE-2013-0634) in the app framework has been added to the Angler exploit kit.
“The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website,” Microsoft explained. “The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.”
The victims only need to be tricked into visiting such a website – an unfortunately very easy task for the attackers.
Silverlight has failed to surpass the popularity of Flash, but it’s nonetheless used by many users around the world, including over 40 million users of popular on-demand Internet streaming service Netflix.
The integration of the exploit in the Angler exploit kit has been first noticed by Chris Wakelin and subsequently analyzed by the researcher behind the Malware don’t need Coffee blog, and has since been confirmed by others.
“Upon landing on the exploit page, the Angler exploit kit will determine if Silverlight is installed and what version is running. If the conditions are right, a specially crafted library is triggered to exploit the Silverlight vulnerability,” warns Malwarebytes’ Jerome Segura. “As with all exploit kits, leveraging vulnerabilities is just an intermediary step for the real motive: pushing malware onto the victim’s machine.”
The vulnerability has been patched by Microsoft earlier this year, but we all know that many, many users are pretty lax when it comes to keeping their software updated.
In this particular case, many users who have installed Silverlight might have actually forgot that they have it on their computer, and are woefully behind when it comes to security updates. Segura advises all users who know they are using Silverlight to update to the latest version available, and to change the settings so that the updates are installed automatically from that moment on.
“We can expect this CVE to be integrated into other exploit kits soon, so it is important to make sure you patch all your machines now,” he says. ” If you don’t need Silverlight (or other plugins), simply remove it altogether as that will help to reduce your surface of attack.”