Welcome to Pete Brown's 10rem.net

First time here? If you are a developer or are interested in Microsoft tools and technology, please consider subscribing to the latest posts.

You may also be interested in my blog archives, the articles section, or some of my lab projects such as the C64 emulator written in Silverlight.

(hide this)

Silverlight 5.1.10411.0 Released Today

Pete Brown - 09 May 2012

Today we released a minor update to Silverlight 5. The 32 and 64 bit update version number is 5.1.10411.0. (The documentation said 5.2 at first, but this has been fixed.)

This will be rolled out to everyone. We throttle large updates of products at the start, so for some folks it was not automatically downloaded this morning.

This is primarily an important security update addressing an TrueType security issue that was reported across a large number of products. Some folks (like me) have reported issues seeing the TechNet page which has the information about the security issue, so I've repeated it here:

Executive Summary

This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.

This security update is rated Critical for all supported releases of Microsoft Windows; for Microsoft .NET Framework 4, except when installed on Itanium-based editions of Microsoft Windows; and for Microsoft Silverlight 4 and Microsoft Silverlight 5. This security update is rated Important for Microsoft Office 2003, Microsoft Office 2007, and Microsoft Office 2010. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the most severe of these vulnerabilities by correcting the manner in which affected components handle specially crafted TrueType font files and by correcting the manner in which GDI+ validates specially crafted EMF record types and specially crafted EMF images embedded within Microsoft Office files. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

This is more of a GDR level release, but we needed to follow a new version number scheme. The version number doesn't indicate major functionality change or enhancement, but is actually a product of the build process. I'm reading the pages of discussion in our bug database covering this versioning numbering and the reasons why it went to 5.1. It really only makes sense if you're using our internal build tools :)

Note also, that as was the case in the Silverlight 4.0 to 4.1 updates, we reset the build number. This shouldn't be a problem unless you have code that is checking a build number without looking at the version number as a whole.

Release history from http://www.microsoft.com/getsilverlight/locale/en-us/html/Microsoft%20Silverlight%20Release%20History.htm

Silverlight 5 Build 5.1.10411.0 Released May 8, 2012 

All updates to Microsoft Silverlight include functional, performance, reliability and security improvements and are backward compatible with web applications built using previous versions of Silverlight.

  • Fixes Security issue described in the following Microsoft Knowledge Base article:  2636927 MS12-034: Description of the security update for Microsoft Silverlight: May 8, 2012
  • Fixes an issue where "Best Effort" Silverlight Digital Rights Management Output Protection levels failed on some machines.
  • Fixed a failure to update OOB applications that are configured to use elevated trust when in browser.
  • Fixes an issue where persistent license acquisition would fail when a customer upgrades from Silverlight 4 to Silverlight 5.
  • Fixes an issue where certain character combinations can cause Silverlight application to crash.
  • Fixes an Access Violation described in the following Connect issue https://connect.microsoft.com/VisualStudio/feedback/details/719572
  • Fixes an issue where the SL5 plugin displays blank window after installing a font with a font name that starts with "&".
  • Fixes an issue where moving a focus to TextBox or RichTextBox after moving a focus to ItemsControl causes IME to be disabled.
  • Fixes an issue where Silverlight would not play content which required Output Protection.
  • Fixes a Silverlight DRM issue where some customers encounter hardware ID mismatch errors which can only be resolved by re-individualization.

Be sure to let us know if you run into any issues with this release.

 
posted by Pete Brown on Wednesday, May 9, 2012
filed under:  

6 comments for “Silverlight 5.1.10411.0 Released Today”

  1. Chrissays:
    Its good that we're getting bug fixes, but what is happening with the windows update for a v4->v5 upgrade? Its been 6 months already since version 5 was released and users are still not upgraded via windows update. We'd just like to know if this is planned or its no longer happening as it did in the past.
  2. Petesays:
    NOTE:

    If installing this breaks Silverlight projects in Visual studio 11 (on Windows 8 in my case), simply reinstall the Silverlight Tools from Silverlight.net.

    Yiannis: you should be good. If you want to be sure up front, install the tools to get the new developer versions of both the 64 and 32 bit runtimes.

    Pete
  3. stbearsays:
    Enviroment.Version says it's 5.0.10411.0 instead of 5.1.10411.0

    https://connect.microsoft.com/VisualStudio/feedback/details/741983/silverlight-5-may-update-incorrectly-reports-runtime-version

Comment on this Post

Remember me