Netflix Users In Danger of Unknowingly Picking Up Malware

An anonymous reader writes "Users of Silverlight, Microsoft's answer to Adobe Flash, are in danger of having malware installed on their computers and being none the wiser, as an exploit for a critical vulnerability (CVE-2013-0634) in the app framework has been added to the Angler exploit kit. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements." You'd think something like Silverlight would automatically upgrade itself.

Automatic upgrade

[Mr_Silver]

You'd think something like Silverlight would automatically upgrade itself.

It will, assuming that it's given a critical priority within Windows Update and the user has their machine set up to automatically download and install updates.

Come on, this is basic Windows stuff. Can we get someone on the Slashdot staff that has actually some experience of the operating system in use by 96% of the population please?

Re:Automatic upgrade

[DaHat]

If one looks at the link to CVE-2013-0634, there is a link to a MS Security Bulletin first posted in March 2013 & last updated in April... even saying:

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

Way to go editors... this bug was reported & fixed 7 months ago and only now are we to get paranoid over what it could do if Windows Update isn't enabled? sheesh

Silverlight *does* patch automatically ...

[cdrnet]

From the related MS13-022 security bulletin: "Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. "

Unless you're one of those "smart" people that use windows but disable windows update ...

Netflix?

And this is specific to Netflix users?
I don't get it.

Silverlight? No Thanks

[Scarletdown]

Back when I used to be able to stream Netflix (I since changed my account to the 3 DVDs at a time plan instead), I gave Silverlight a try. After Silverlight was installed, my video capture device with WinDVR suddenly stopped working. Suspecting Silverlight was the culprit, I set up the video capture device on a test box, and verified that it worked. Then I installed Silverlight there, and sure enough, no more video capture capability. Removed Silverlight and eradicated all traces of it from the system, and my hardware was once again working properly.

That was when I invoked the hardware owner's right. The ability for any publisher's software to run on hardware that I own is a privilege, not a right. If your product interferes with the rightful and proper operation of my property, then its privilege to exist on my system is revoked permanently.

Do not fuck with my hardware or any other software that I have installed, or you will not be permitted to run on any systems under my control, and word of your dipshittery will be passed on to others, so that they can be made aware that your software is malware.