MS13-022 fixlets and default action

(imported topic written by SystemAdmin)

I was just asked about the MS13-022 fixlets and I noticed that the fixlet “1302201 MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight” has no default action as stated in the notes. The other 3 fixlets also state that there is no default action in the notes, but they all have a default action.

I cannot see anything in the notes that suggests why it should not have a default action. Usually when I see this, I can go to the description in the fixlet to see (ie, Java) or to the known issues on the MS website.

Any ideas?

Thanks

Martin Carnegie

Gulf Breeze Software Partners

http://www.gulfsoft.com

(imported comment written by SystemAdmin)

I just found this link http://msdn.microsoft.com/en-us/library/hh397894(v=vs.95).aspx

Maybe this could be referenced in the description.

Martin Carnegie

Gulf Breeze Software Partners

http://www.gulfsoft.com

(imported comment written by liuhoting)

Thanks. That KB article mentions only upgrading from Silverlight 4 to 5, but actually, the patch also applies to even older versions of Silverlight. For any customers that might still be running and depending on really old versions of Silverlight, we wanted them to not just blindly apply everything that was relevant, so we removed the default action.

Good catch on not all of them having the default action in place though. We’ll poke back when it’s republished.

(imported comment written by TerryWeiChao)

The following fixlets were updated to remove the Default Action.

MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight 5 for Developers (ID: 1302203)

MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight 5 (x64) (ID: 1302205)

MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution - Silverlight 5 for Developers (x64) (ID: 1302207)