Vulnerability - Obsolete Version of Microsoft Silverlight

Hello everyone,

I have a quick question regarding the obsolete version of Microsoft Silverlight finding. Does anyone know how the scan engine detects if Silverlight is installed on the target system? In the proof section, there is only this information: Vulnerable software installed: Microsoft Silverlight 5.1.50918.0

This is not very helpful, especially when I create an assignment (ticket) to the system owner for remediation, and they tell me that there is no Silverlight installed on the target system.

Best regards,

David

1 Like

Hi David,

Our fingerprint for Silverlight will be based on the presence of an uninstaller key within the registry.

If there is no Silverlight installed on the system, then it is likely that the registry keys were not cleaned up correctly by the uninstaller.

I would recommend checking the registry for stray keys that are being found.

If this remains an issue, then submitting a support case with full logs will help us find exactly what key is triggering it.

Regards,
Kevin

2 Likes
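A way to look for the uninstaller entries described in the reply above, as an added example that is not part of the original thread and not the scan engine's own logic. It assumes the fingerprint reads the standard Windows uninstall registry locations and that Silverlight uses its default install folder name; the thread does not name the exact key.

```powershell
# Added example: list uninstall registry entries that mention Silverlight and
# show whether any files are still on disk behind them.
# Assumption: the scanner reads the standard uninstall locations below.
# Run from 64-bit PowerShell so both registry views are visible.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$findings = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path -Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($props.DisplayName -notlike '*Silverlight*') { continue }
        $location = $props.InstallLocation
        [pscustomobject]@{
            RegistryKey     = $key.Name
            DisplayName     = $props.DisplayName
            DisplayVersion  = $props.DisplayVersion
            UninstallString = $props.UninstallString
            InstallLocation = $location
            # False means the key points at nothing on disk (a leftover entry)
            FilesPresent    = [bool]($location -and (Test-Path -Path $location))
        }
    }
}

# Assumption: default install folders; adjust if the software was installed elsewhere.
$defaultDirs = @(
    "$env:ProgramFiles\Microsoft Silverlight",
    "${env:ProgramFiles(x86)}\Microsoft Silverlight"
) | Where-Object { Test-Path -Path $_ }

if ($findings) {
    $findings | Format-List
} else {
    'No Silverlight uninstall entries found under the checked keys.'
}

if ($defaultDirs) {
    "Silverlight folders still on disk: $($defaultDirs -join ', ')"
} else {
    'No Silverlight folders found in the default locations.'
}
```

An entry with `FilesPresent` set to False is a candidate for the leftover key mentioned in the reply; the `RegistryKey` and `DisplayVersion` values can be attached to the remediation ticket or a support case.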

Hi @kevin_mccabe
Thank you for your response. My colleagues did not find any Silverlight registry keys. However, I have sent them the following guide from Microsoft to clean corrupted Silverlight installations. Maybe this helps to get rid of this finding.
Clean Corrupted Silverlight Installations

I will update this case as soon as I receive any feedback.

Best regards
David

This is also my problem. Rapid7 support can't find anything on their end. They recommend a 3rd party application, which is a registry cleaner. I am not entirely sure why they recommend installing a not legitimate 3rd party application on the server, but I did not allow that.

Hello everyone,
our IT has managed to get rid of the Silverlight installation by using the guide from Microsoft which I posted in my answer to @kevin_mccabe.

Best regards
David