Slashdot Mirror

← Back to Stories (view on slashdot.org)

Netflix Users In Danger of Unknowingly Picking Up Malware

Posted by Unknown on from the perils-of-deprecated-proprietary-software dept.

An anonymous reader writes "Users of Silverlight, Microsoft's answer to Adobe Flash, are in danger of having malware installed on their computers and being none the wiser, as an exploit for a critical vulnerability (CVE-2013-0634) in the app framework has been added to the Angler exploit kit. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements." You'd think something like Silverlight would automatically upgrade itself.

7 of 153 comments (clear)

  1. Automatic upgrade by Mr_Silver · · Score: 5, Informative

    You'd think something like Silverlight would automatically upgrade itself.

    It will, assuming that it's given a critical priority within Windows Update and the user has their machine set up to automatically download and install updates.

    Come on, this is basic Windows stuff. Can we get someone on the Slashdot staff that has actually some experience of the operating system in use by 96% of the population please?

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
    1. Re:Automatic upgrade by DaHat · · Score: 5, Informative

      If one looks at the link to CVE-2013-0634, there is a link to a MS Security Bulletin first posted in March 2013 & last updated in April... even saying:

      Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

      Way to go editors... this bug was reported & fixed 7 months ago and only now are we to get paranoid over what it could do if Windows Update isn't enabled? sheesh

      --
      Help Brendan pay off his student loans
    2. Re:Automatic upgrade by Anonymous Coward · · Score: 5, Funny

      But the headline, it's so scary. Netflix users BEWARE! There be DRAGONS ahead. Boo!

  2. Silverlight *does* patch automatically ... by cdrnet · · Score: 5, Informative

    From the related MS13-022 security bulletin: "Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. "

    Unless you're one of those "smart" people that use windows but disable windows update ...

    1. Re:Silverlight *does* patch automatically ... by Anonymous Coward · · Score: 5, Funny

      Unless you're one of those "smart" people that use windows

      I usually take the stairs or the elevator, but I guess if you're in a hurry....

  3. Hey come on, gotta hate on MS! by Sycraft-fu · · Score: 5, Insightful

    I mean if some random shit "security blog" posts a trumped up story to try and get traffic, it is Slashdot's DUTY to repeat it here, with no checking or verification! After all, better everyone is scared of their own shadow than informed about security.

    Seriously this is just pathetic. As I said: This is some random ass site that is trying to get people to come and read, and it worked. By making a scare story about how Netlfix users on Windows are vulnerable they managed to get some Linux fanboy to submit the story to Slashdot. The editors then did what they do, which is to say NOT EDIT and just posted it. Great success for shit site, they now got a bunch of undeserved traffic.

    What is sadder is how uninformed this makes all involved look. the statement of "You'd think something like Silverlight would automatically upgrade itself." Yes, it DOES you fucking moron. One thing you have to give MS is that Windows update will patch all their stuff for you. Let it do its thing and you get security updates, as they are released. You don't need to pay attention or anything, it'll just happen. This includes things not installed by default like Silverlight, or older versions of the .NET runtimes.

    This is just a massive pile of fail. It is not news, not even really old news. There was a bug, they patched it. This would be "how shit works", or at least how it should.

  4. How does this stuff get the green light? by WD · · Score: 5, Insightful

    1) This has nothing to do with Netflix. I am a Netflix user and I suspect that my Roku is not affected by the vulnerability in question.
    2) Silverlight *does* get updated with automatic updates.
    3) The vulnerability in question was fixed in March (MS13-022).