MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011

Article translations Article translations
Article ID: 2638420 - View products that this article applies to.
Expand all | Collapse all

On This Page

Introduction

Microsoft has released security bulletin MS11-100. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support


More information

Known issues and additional information about this security update

The security updates that are offered in security bulletin MS11-100 change the way that ASP.NET creates forms authentication tickets. The new behavior is incompatible with the previous behavior. Tickets that are generated by using the new behavior cannot be read by servers that use the old behavior, and vice versa. Therefore, because of the ticket behavior change, administrators whose applications use forms authentication must take specific steps when they deploy the security updates offered in bulletin MS11-100 to make sure that all servers switch to the new behavior concurrently.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2659968 Deployment guidance for security update 2638420, as described in MS11-100
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2656351 MS11-100: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: December 29, 2011
  • 2656356 MS11-100: Description of the security update for the .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1: December 29, 2011
  • 2657424 MS11-100: Description of the security update for the .NET Framework 3.5 SP1 on Windows Server 2003, Windows Server 2008, Windows Vista, and Windows XP: December 29, 2011  
  • 2656352 MS11-100: Description of the security update for the .NET Framework 2.0 SP2 on Windows XP and Windows Server 2003: December 29, 2011
  • 2656362 MS11-100: Description of the security update for the .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2: December 29, 2011
  • 2656355 MS11-100: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: December 29, 2011
  • 2656358 MS11-100: Description of the security update for the .NET Framework 1.1 SP1 on 32-bit editions of Windows Server 2003 SP2: December 29, 2011
  • 2656353 MS11-100: Description of the security update for the .NET Framework 1.1 SP1 on Windows XP, Windows Vista and Windows Server 2008, and on x64 and Itanium-based versions of Windows Server 2003: December 29, 2011 

Properties

Article ID: 2638420 - Last Review: July 18, 2012 - Revision: 2.0
Applies to
  • Microsoft .NET Framework 4
  • Microsoft .NET Framework 3.5 Service Pack 1
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 2.0 Service Pack 1 (x86)
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 1.1 Service Pack 1
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.0 Service Pack 3
  • Microsoft .NET Framework 1.0
  • Windows 7 Service Pack 1, when used with:
    • Windows 7 Enterprise
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows 7 Home Premium
    • Windows 7 Home Basic
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows 7 Home Premium
  • Windows 7 Home Basic
  • Windows Server 2008 R2 Service Pack 1, when used with:
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Keywords: 
kbsecvulnerability kbsecurity kbsecbulletin kbfix kbexpertiseinter kbbug atdownload KB2638420

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com