Customers who have not enabled automatic updating need to check for updates and install this update manually. Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information. The security update addresses the vulnerability by upgrading previous versions of Silverlight to Silverlight version 5.0, which is the first version of Silverlight 5 that is not affected by the vulnerability. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. The security update addresses this vulnerability by correcting how Microsoft Silverlight checks memory pointers when rendering HTML objects. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update is rated Critical for Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac and all supported releases of Microsoft Windows. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. In all cases, however, an attacker would have no way to force users to visit a website. Such websites could contain specially crafted content that could exploit this vulnerability. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.
#MICROSOFT SILVERLIGHT FOR MAC CHECK CODE#
The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. This security update resolves a privately reported vulnerability in Microsoft Silverlight.
Version: 1.2 General Information Executive Summary Security Bulletin Microsoft Security Bulletin MS13-022 - Critical Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
0 kommentar(er)
