Dear All, Malicious websites are exploiting a recently fixed vulnerability in Microsoft's Silverlight application framework to perform drive-by malware attacks on vulnerable visitor devices, a security researcher has determined. The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team. As Ars reported last July, the Silverlight exploit came to light following a hack on Hacking Team's network that exposed gigabytes worth of private e-mails and other data. Researchers with Russian antivirus provider Kaspersky Lab later discovered the vulnerability being exploited in the wild and privately reported it to Microsoft. Now, exploit code for the patched vulnerability is being distributed through Angler, one of several toolkits that criminals use to seed websites with code that carry out drive-by attacks. Please find attached advisory Kind Regards *WISDOM DONKOR (S/N Eng.)* ICANN Fellow / ISOC Member, IGF Member, Diplo Foundation OGP Working Group Member, Africa OD Working Group Member E-government and Open Government Data Platforms Specialist National Information Technology Agency (NITA) Ghana Open Data Initiative (GODI) Post Office Box CT. 2439, Cantonments, Accra, Ghana Tel; +233 20 812881 Email: [log in to unmask] [log in to unmask] [log in to unmask] Skype: wisdom_dk facebook: facebook@wisdom_dk Website: www.nita.gov.gh / www.data.gov.gh www.isoc.gh / www.itag.org.gh