This month’s Patch Tuesday rollout, which brought a total of 5 security bulletins for various products across Microsoft’s range, also included a new Silverlight version that is meant to deliver important security fixes as well as performance improvements for all users.
Silverlight 5 build 5.1.30214.0 is specifically designed to address a security feature bypass in the plug-in on several versions of the Windows operating system.
Microsoft claims that the vulnerability hasn’t been disclosed publicly and that no attacks have been recorded so far, but users should still install the new update as soon as possible.
“The issue wasn’t publicly known and it isn’t under active attack, however it can impact your security in ways that aren’t always obvious. Specifically, the update removes an avenue attackers could use to bypass ASLR protections,” Microsoft explained in a security advisory rolled out today.
“Fixes like this one increase the cost of exploitation to an attacker, who must now find a different way to make their code execution exploit reliable.”
According to the official release notes published this morning, Silverlight 5 build 5.1.30214.0 also adds support for Internet Explorer 11 Enhanced Protected Mode (EPM) and reporting of unavailable features, and makes it possible to enable reporting of unavailable features in the sandboxed Safari 7 on Mac OS X.
“All updates to Microsoft Silverlight include functional, performance, reliability and security improvements and are backward compatible with web applications built using previous versions of Silverlight,” Microsoft says.
If you’re already running Silverlight on your computer, the new version is automatically deployed via Windows Update; otherwise, you’ll have to download and install it manually.
Patch Tuesday brought us a total of five different security bulletins, two of which are marked as critical and are aimed at flaws in Internet Explorer and Silverlight.
Microsoft recommends that users prioritize the deployment of MS14-014 and MS14-012, which address the aforementioned flaws and patch critical vulnerabilities.
All these Windows patches are delivered automatically via Windows Update, which makes them simple for users to deploy, but system administrators can also download everything manually and install the fixes on computers without web connections.
A security release ISO image containing the March 2014 updates is also available for those who want to get all Windows patches onto their computers faster.