Microsoft: Stop using Microsoft Silverlight. (Everyone else has)

Says websites should switch to HTML5-based playback as netizens snub plugins


Microsoft is encouraging companies that use its Silverlight media format on their web pages to dump the tech in favor of newer, HTML5-based media playback systems.

"The commercial media industry is undergoing a major transition as content providers move away from proprietary web plug-in based delivery mechanisms (such as Flash or Silverlight), and replace them with unified plug-in free video players that are based on HTML5 specifications and commercial media encoding capabilities," the software giant said in a Thursday blog post.

Similarly, Redmond observed, browser makers are moving away from supporting media plugins. Google plans to drop support for the outdated Netscape Plugin API (NPAPI) later this year, while Microsoft Edge, the new browser that will ship with Windows 10, was designed not to support plugins from the get-go.

One reason is because vulnerabilities in media plugins often become vectors for web-based attacks, something to which Silverlight fell prey last year.

Instead, Microsoft and others now recommend that web developers handle video and other media playback via a number of new protocols introduced in the ongoing HTML5 standardization effort.

Among these are the Media Source Extensions (MSE) and Encrypted Media Extensions (EME) from the World Wide Web Consortium (W3C) and MPEG-DASH and Common Encryption (CENC) from the Motion Picture Experts Group.

The inclusion of these standards in the web's set of specs has been controversial, chiefly because their primary purpose is to allow web browsers to play DRM-encumbered streaming content. The Free Software Foundation, for one, has denounced Mozilla's decision to support them in Firefox, describing it as "shocking" and "unfortunate."

Big media companies, on the other hand, have said that unless browsers support DRM-enabled streaming directly they'll deliver their content via some other means, be it a plugin or otherwise.

Netflix, for one, has said DRM is essential to its service – and it was an early adopter of Silverlight for the purpose. Now it's transitioning to HTML5-based playback, and Microsoft would like to see other companies do the same.

"We encourage companies that are using Silverlight for media to begin the transition to DASH/MSE/CENC/EME based designs and to follow a single, DRM-interoperable encoding work flow enabled by CENC," Microsoft's Edge team wrote. "This represents the most broadly interoperable solution across browsers, platforms, content and devices going forward."

Microsoft said it will continue to support Silverlight for out-of-browser applications for the dozen or so of you who are using it for that purpose, and Silverlight will still be supported in Internet Explorer 11 if you absolutely must use it on the web. ®

Similar topics

Broader topics


Other stories you might like

  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading
  • Wi-Fi hotspots and Windows on Arm broken by Microsoft's latest patches
    Only way to resolve is a rollback – but update included security fixes

    Updated Microsoft's latest set of Windows patches are causing problems for users.

    Windows 10 and 11 are affected, with both experiencing similar issues (although the latter seems to be suffering a little more).

    KB5014697, released on June 14 for Windows 11, addresses a number of issues, but the known issues list has also been growing. Some .NET Framework 3.5 apps might fail to open (if using Windows Communication Foundation or Windows Workflow component) and the Wi-Fi hotspot features appears broken.

    Continue reading
  • FabricScape: Microsoft warns of vuln in Service Fabric
    Not trying to spin this as a Linux security hole, surely?

    Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.

    The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.

    Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.

    Continue reading

Biting the hand that feeds IT © 1998–2022