Enlarge (credit: Malware Don't Need Coffee)
Malicious websites are exploiting a recently fixed vulnerability in Microsoft's Silverlight application framework to perform drive-by malware attacks on vulnerable visitor devices, a security researcher has determined.
The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team. As Ars reported last July, the Silverlight exploit came to light following a hack on Hacking Team's network that exposed gigabytes worth of private e-mails and other data. Researchers with Russian antivirus provider Kaspersky Lab later discovered the vulnerability being exploited in the wild and privately reported it to Microsoft.
Now, exploit code for the patched vulnerability is being being distributed through Angler, one of several toolkits that criminals use to seed websites with code that carry out drive-by attacks. The Silverlight attack was spotted earlier this week by a researcher who goes by the moniker Kafeine. The vulnerability is indexed as CVE-2016-0034.