HITBGSEC

Debug code cracked case in hunt for mystery Silverlight zero day

https://regmedia.co.uk/2015/10/15/anonymous_98734345345.jpg?x=648&y=348&crop=1

Kaspersky has revealed how it tracked an exploit developer's debug signature over months to find and report to Microsoft a dangerous, then zero-day vulnerability in Silverlight that could have placed millions of users at risk of compromise.

The Russian security outfit reported (CVE-2016-0034) the bug late last year which was crushed in this week's Patch Tuesday update.

Kaspersky threat-throttlers Costin Raiu and Anton Ivanov write that the vulnerability was found after analysing leaked Hacking Team emails that reveal Russian hacker Vitaliy Toropov attempted to sell multiple zero days to the flayed Italian firm.

Tags: