MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

Where are the file information details?
Refer to the reference tables in the Security Update Deployment section for the location of the file information details.

What is Silverlight?
Microsoft Silverlight is a cross-browser, cross-platform implementation of the Microsoft .NET Framework for building media experiences and rich interactive applications for the Web. For more information, see the official site of Microsoft Silverlight.

Which Web browsers support Silverlight applications?
In order to run Silverlight applications, most Web browsers, including Microsoft Internet Explorer, require Silverlight to be installed and the corresponding plug-in to be enabled. For more information about Silverlight, see the official site, Microsoft Silverlight. Please refer to the documentation of your browser to learn more about how to disable or remove plug-ins.

What versions of Microsoft Silverlight 3 are affected by the vulnerabilities?
Microsoft Silverlight build 3.0.50106.0 and previous builds are affected. Microsoft Silverlight build 3.0.50611.0, which is the current build of Silverlight as of when this bulletin was first released, addresses the vulnerabilities and is not affected.

How do I know which version and build of Silverlight is currently installed?
If Silverlight is already installed on your computer, you can visit the Get Microsoft Silverlight page, which will indicate which version and build of Silverlight are currently installed on your system. Alternatively, you can use the Manage Add-Ons feature of current versions of Microsoft Internet Explorer to determine the version and build information that is currently installed.

You can also manually check the version number of sllauncher.exe located in the "%ProgramFiles%\Microsoft Silverlight" directory (on x86 Microsoft Windows systems) or in the "%ProgramFiles(x86)%\Microsoft Silverlight" directory (on x64 Microsoft Windows systems).

In addition, on Microsoft Windows, the version and build information of the currently installed version of Microsoft Silverlight can be found in the registry at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight]:Version on x86 Microsoft Windows systems, or [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight]:Version on x64 Microsoft Windows systems.

On Apple Mac OS, the version and build information of the currently installed version of Microsoft Silverlight can be found as follows:

The version installed with this security update is 3.0.41130.0. If your version number is higher than or equal to this version number, your system is not vulnerable.

How do I upgrade my version of Silverlight?
The Silverlight auto-update feature helps makes sure that your Silverlight installation is kept up to date with the latest version of Silverlight, Silverlight functionality, and security features. For more information about the Silverlight auto-update feature, see the Microsoft Silverlight Updater. Customers who have disabled the Silverlight auto-update feature can enroll in Microsoft Update to obtain the latest version of Silverlight, or download the latest version of Silverlight manually using the download link in the Affected Software table in the earlier section, Affected and Non-Affected Software. For information about deploying Silverlight in an enterprise environment, see the Silverlight Enterprise Deployment Guide.

Does this update contain any non-security related changes to functionality?
For more information about non-security changes included in the current version of Silverlight, please see Microsoft Silverlight Release History.

I am using an older release of the software discussed in this security bulletin. What should I do?
The affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, visit the Microsoft Support Lifecycle Web site.

It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Lifecycle Supported Service Packs.

Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Microsoft Support Lifecycle Policy FAQ.