MS15-049: Vulnerability in Silverlight could allow elevation of privilege: May 12, 2015

<html><body><p>Resolves a vulnerability in Microsoft Silverlight that could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system.</p><h2>Summary</h2><div>This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system or convince a user who is logged on to execute the specially crafted application. </div><h2>Introduction</h2><div>Microsoft has released security bulletin MS15-049. To learn more about this security bulletin:<br /><ul><li>Home users:<br /><div><a href=“https://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>https://www.microsoft.com/security/pc-security/updates.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“https://www.update.microsoft.com/microsoftupdate/” target=“_self”>https://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“https://technet.microsoft.com/library/security/ms15-049” target=“_self”>https://technet.microsoft.com/library/security/MS15-049</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help installing updates:<br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals:<br /><a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based computer from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country:<br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></div><h2>More Information</h2><div><div><div><div><span><span></span></span><span><span>Security update deployment information</span></span></div><div><p></p><div><h4><span>Silverlight 5 for Mac (all editions)</span></h4><span><span>Reference Table</span><br /><br />The following table contains the security update information for this software.</span><div><table><tbody><tr><td><span><span>Security update file names</span></span></td><td><span>For Microsoft Silverlight 5 when installed on Mac:<br />Silverlight.dmg</span></td></tr><tr><td> </td><td><span>For Microsoft Silverlight 5 Developer Runtime when installed on Mac:<br />silverlight_developer.dmg</span></td></tr><tr><td><span><span>Restart requirement</span></span></td><td><span>This update does not require a restart.</span></td></tr><tr><td><span><span>Removal information</span></span></td><td><span>Open the Finder, select the system drive, open the <strong>Internet Plug-ins - Library </strong>folder, and delete the file that is named “Silverlight.Plugin.” (Be aware that the update cannot be removed without removing the Silverlight plug-in.)</span></td></tr><tr><td><span><span>File information</span></span></td><td><span>See the <a href=“#fileinfo” target>file information</a> section.</span></td></tr><tr><td><span><span>Installation verification</span></span></td><td><span>See the Update FAQ section in <a href=“https://technet.microsoft.com/library/security/ms15-049” target=“_self”>Security bulletin MS15-049</a> that addresses the question, “How do I know which version and build of Microsoft Silverlight is currently installed?”</span></td></tr></tbody></table></div><h4><span>Silverlight 5 for Windows (all supported releases)</span></h4><span><span>Reference Table</span><br /><br />The following table contains the security update information for this software.</span><div><table><tbody><tr><td><span><span>Security update file names</span></span></td><td><span>For Microsoft Silverlight 5 when installed on all supported 32-bit releases of Microsoft Windows:<br />silverlight.exe</span></td></tr><tr><td> </td><td><span>For Microsoft Silverlight 5 Developer Runtime when installed on all supported 32-bit releases of Microsoft Windows:<br />silverlight_developer.exe</span></td></tr><tr><td> </td><td><span>For Microsoft Silverlight 5 when installed on all supported 64-bit releases of Microsoft Windows:<br />silverlight_x64.exe</span></td></tr><tr><td> </td><td><span>For Microsoft Silverlight 5 Developer Runtime when installed on all supported 64-bit releases of Microsoft Windows:<br />silverlight_developer_x64.exe</span></td></tr><tr><td><span><span>Installation switches</span></span></td><td><span>See the Silverlight Enterprise Deployment Guide</span></td></tr><tr><td><span><span>Restart requirement</span></span></td><td><span>This update does not require a restart.</span></td></tr><tr><td><span><span>Removal information</span></span></td><td><span>Use <span>Add or Remove Programs</span> item in Control Panel. (Be aware that the update cannot be removed without removing Silverlight.)</span></td></tr><tr><td><span><span>File information</span></span></td><td><span>See the <a href=“#fileinfo” target>file information</a> section.</span></td></tr><tr><td><span><span>Registry key verification</span></span></td><td><span>For 32-bit installations of Microsoft Silverlight 5:<br /><strong>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight “Version” = “5.1.40416.0”</strong></span></td></tr><tr><td> </td><td><span>For 64-bit installations of Microsoft Silverlight 5:<br /><strong>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight “Version” = “5.1.40416.0”</strong>and<br /><strong>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight “Version” = “5.1.40416.0”</strong></span></td></tr></tbody></table></div></div></div></div></div><a></a><a></a></div><h2>File information</h2><div>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br /><br /><br /><div><div><div><span><span></span></span><span><span>Silverlight file information</span></span></div><div><span><div><h4>For all supported 64-bit releases of Microsoft Silverlight 5 for Windows</h4><div><table><tr><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th><th>Platform</th></tr><tr><td>Silverlight_developer_x64.exe</td><td>5.1.40416.0</td><td>17,876,256</td><td>16-Apr-2015</td><td>10:31</td><td>x86</td></tr><tr><td>Silverlight_x64.exe</td><td>5.1.40416.0</td><td>13,095,136</td><td>16-Apr-2015</td><td>10:07</td><td>x86</td></tr></table></div><h4>For all supported 32-bit versions of Microsoft Silverlight 5 for Windows</h4><div><table><tr><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th><th>Platform</th></tr><tr><td>Silverlight.exe</td><td>5.1.40416.0</td><td>6,962,912</td><td>16-Apr-2015</td><td>09:14</td><td>x86</td></tr><tr><td>Silverlight_developer.exe</td><td>5.1.40416.0</td><td>9,355,552</td><td>16-Apr-2015</td><td>09:40</td><td>x86</td></tr></table></div><h4>For all supported versions of Microsoft Silverlight 5 for Macintosh</h4><div><table><tr><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th><th>Platform</th></tr><tr><td>Silverlight.dmg</td><td>Not Applicable</td><td>15,241,387</td><td>20-Apr-2015</td><td>22:03</td><td>Not Applicable</td></tr><tr><td>Silverlight_developer.dmg</td><td>Not Applicable</td><td>20,902,420</td><td>20-Apr-2015</td><td>22:03</td><td>Not Applicable</td></tr></table></div></div><br /></span></div></div></div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Silverlight.dmg</td><td>6AA77FFE208D6EC38FCD8F20C2C8E24BDF1A3F97</td><td>03486C647182E33241A942A56E9DCD283C528A641CC0913FAB4CE194012A60B1</td></tr><tr><td>Silverlight.exe</td><td>5E77FD1CD6EBCC223B0BA9D6AAB9E8F2C3093937</td><td>84B5FCFAB16A8F276E314F6A8077BFA0E0E15DAB09B292445427A98CD42E4509</td></tr><tr><td>Silverlight_Developer.dmg</td><td>AA44336CAE8BA2F518EDD2A9A9DAE419EE2DBCB4</td><td>F7ABEFBEC44467897894FCF8A6A088842827D6CCD20DFD142DC2D36A4CE606A1</td></tr><tr><td>Silverlight_Developer.exe</td><td>88504FB3CABAEC6E994635C095BB4ADB92835694</td><td>1BA3FB451A8D6BB85553D84376CA13661B8DB41B2AE2DB3E8B0AE632A8E64258</td></tr><tr><td>Silverlight_Developer_x64.exe</td><td>7EB10A6A8FB9CADBD221986E3044CCE4C88D9EEA</td><td>05166B734A1B29C07615AB54783D712E1384D3D37927F671B269228193CD3D1E</td></tr><tr><td>Silverlight_x64.exe</td><td>2F3040E5F7028C2D42CFF848F361C06F3D237376</td><td>A3F8A7345737CEE988C52B912742E0E3AD2CB3B2676E7313B83F18878CAFB0B6</td></tr></table></div></div><br /></span></div></div></div></div></body></html>