How vulnerable is Silverlight security?

Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it.

I'm concerned about the recent spike in Microsoft Silverlight attacks. How much of a threat does Silverlight pose?

Unpatched desktop applications are one of the most significant challenges in securing traditional client systems; they leave enterprises exposed to exploits of vulnerabilities that could, and should, have been patched.

In a blog post, Cisco security researcher Levi Gundert described a popular exploit kit that includes a Silverlight exploit. It was distributed via malicious ads, and the Silverlight vulnerability was used in the exploit to run malicious code on the endpoint. Silverlight has gained market share and is installed on more computers nowadays, so attackers decided it was worth their time to add Silverlight exploits to their exploit toolkits.

The increased use of Silverlight in exploit kits could be attributed to the fact that attackers identified that Silverlight was not being patched regularly and realized that awareness of the software was relatively low, making it an ideal target. Now that Silverlight has been included in a successful exploit kit, other attacks will follow suit and Silverlight will likely start showing up in other exploit kits and be used in more attacks.

When it comes to defending against attacks using Silverlight, addressing only the additional risks from vulnerabilities in Silverlight is ineffective if the other applications installed on a system are not also being kept up to date. Silverlight, like all applications, will require a security patch to address issues that may be exploited in an attack.

When patches are released, enterprises should plan on installing them for all of the systems with sensitive data in a regular and comprehensive cycle. Only installing operating system patches is not sufficient; enterprises should also evaluate their desktop patching process to validate that Silverlight is being patched.

Until organizations keep Silverlight -- and all other applications and systems -- patched and up to date, hackers will continue to exploit the vulnerabilities in it.
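The check described above, validating that Silverlight is covered by the desktop patching process and not only the operating system, sketched as an added example (not code from the article or from Microsoft). It assumes a software inventory exported as CSV with the hypothetical columns shown; the host names, versions and baseline build are constructed placeholders.

```python
import csv
import io

# Constructed placeholder baseline: take the real minimum build from the
# vendor's current security bulletin. This value is not from the article.
BASELINE = {"Microsoft Silverlight": "5.1.200.0"}

# Constructed sample inventory export; column names are assumptions.
SAMPLE_INVENTORY = """\
host,sensitive,os_patched,product,version
fin-ws-01,yes,yes,Microsoft Silverlight,5.1.90.0
fin-ws-02,yes,yes,Microsoft Silverlight,5.1.200.0
hr-ws-07,yes,no,Microsoft Silverlight,5.1.201.3
lab-ws-11,no,yes,Microsoft Silverlight,5.0.999.0
lab-ws-12,no,yes,Microsoft Silverlight,unknown
"""

def parse_version(text):
    """Turn '5.1.90.0' into (5, 1, 90, 0); None if it is not dotted digits."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def audit(inventory_csv, baseline=BASELINE):
    """Return hosts whose baselined application is below the required build."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        required = baseline.get(row["product"])
        if required is None:
            continue  # product is not tracked by this baseline
        installed = parse_version(row["version"])
        if installed is None:
            status = "version-unreadable"  # treat as a finding, never as compliant
        elif installed < parse_version(required):
            status = "outdated"  # numeric compare: 90 < 200
        else:
            continue
        findings.append({
            "host": row["host"],
            "installed": row["version"],
            "required": required,
            "status": status,
            "sensitive": row["sensitive"] == "yes",
            # OS is current but the application is not: the gap the article warns about
            "os_only_patching": row["os_patched"] == "yes",
        })
    # Systems holding sensitive data are listed first for remediation.
    findings.sort(key=lambda f: (not f["sensitive"], f["host"]))
    return findings
```

Versions are compared as integer tuples because a plain string comparison would rank `5.1.90.0` above `5.1.200.0` and report the outdated host as compliant.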


This was last published in November 2014


1 comment


Anyone who is not updating the software on their system leaves the door open for attacks. If you are not using the software and do not want to bother with the updates and patches, remove it. If people are exploiting the program, until the door is shut they will keep using this way to access systems.