The number of drive-by malware attacks that exploit vulnerabilities in Microsoft's Silverlight application framework may be surpassing those that abuse Oracle's Java framework, according to a recent analysis of one popular hack-by-numbers tool kit.

Since April 23, the Angler exploit kit has shown a significant uptick in attacks that target Silverlight users, according to a blog post published Monday by Levi Gundert, technical lead in Cisco Systems' threat research group. While the Silverlight exploits were accompanied by attacks that also targeted Adobe's Flash player, the recent campaign failed to trigger vulnerabilities in Oracle's Java framework, which, over the past couple of years, has become widely targeted by malicious hackers who surreptitiously install malware by exploiting vulnerable software on end users' computers.

To succeed, the Angler campaign observed by Gundert had to exploit two Silverlight vulnerabilities, one that Microsoft patched 14 months ago and the other that was fixed in October. CVE-2013-0074 gave attackers the ability to remotely execute malicious code, while CVE-2013-3896 provided the means to bypass data execution prevention, a security mitigation added to most Microsoft applications in recent years. The measure prevents most data loaded into memory from being executed.

"We should expect these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates," Gundert wrote. "Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft’s life cycle schedule suggests Silverlight 5 will be supported through October, 2021."

In recent months, Java has become harder to exploit in many browsers because users must click on an icon before Java code is executed. Another reason that may explain the rise in Silverlight exploits is user apathy about installing updates. The steady stream of attacks that target Java and Flash has increased awareness about the importance of installing security patches for those two applications or uninstalling them if they're not needed. People who have Silverlight installed on their computers should make sure they're running the latest version. At the moment, that's version 5 (5.1.30214.0).