MS15-129: Security update for Silverlight to address remote code execution: December 8, 2015

Applies to: SilverlightSilverlight


This security update resolves vulnerabilities in Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if Microsoft Silverlight incorrectly handles certain open and close requests that could result in read and write access violations. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites that contain specially crafted content that accept or host user-provided content or advertisements.

An attacker would be unable to force users to visit a compromised website. Instead, an attacker would have to convince a user to take action, such as clicking a link that takes the user to the attacker's website.

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-129.

More Information

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

More Information