CVE-2016-0034 | Microsoft Silverlight - Runtime Operational Intel

Executive Risk Summary

"A remote code execution vulnerability exists in Microsoft Silverlight due to the mishandling of negative offsets during decoding. This vulnerability can be exploited by an attacker to execute arbitrary code or cause a denial of service via a crafted website."

Anticipated Attack Path

1. Initial Exploitation: Attacker crafts a malicious website to exploit the vulnerability
2. Privilege Escalation: Arbitrary code execution in the context of the Silverlight Runtime
3. Post-Exploitation: Potential for lateral movement or further exploitation

Am I Vulnerable?

Verify Silverlight version is 5.1.41212.0 or later
Apply security update MS16-006
Monitor for suspicious activity related to Silverlight

Operational Audit Arsenal

Target Type Process

Target Asset AgCore.dll

Standard Path C:\Program Files\Microsoft Silverlight\5.1.41212.0

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: AgCore.dll (Process)
$Targets = 'AgCore.dll'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}