MS10-070: Vulnerability in ASP.NET could allow information disclosure

Article translations Article translations
Article ID: 2418042 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS10-070. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

For more information about how to configure legacy encryption mode in ASP.NET, click the following article number to view the article in the Microsoft Knowledge Base:
2425938 How to configure legacy encryption mode in ASP.NET

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.

2416447 MS10-070: Description of the security update for the Microsoft .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 (64-bit), Windows Vista, and Windows Server 2008
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 1.1 Service Pack 1, click the following article numbers to view the articles in the Microsoft Knowledge Base:
    2433751 FIX: Forms authentication cookies compatibility issue between .NET Framework 1.1 and .NET Framework 2.0 SP2 ASP.NET applications after you apply the security update from security bulletin MS10-070
    2431208 An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending
    923100 When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code "0x643" or Windows Installer error code "1603"
    938244 The file version is rolled back to the version that was installed by the last service pack when you remove an update for the .NET Framework 1.0, the .NET Framework 1.1, Visual Studio .NET 2002 or Visual Studio .NET 2003
    2197103 A known issue when you try to install an update on a computer that does not have the Microsoft .NET Framework 1.1 Service Pack 1 installed
    923101 Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: "Error 1324. The folder 'Program Files' contains an invalid character"
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2416473 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
    2431806 Updates for the .NET Framework 2.0 Service Pack 2, the .NET Framework 3.0 Service Pack 2, or the .NET Framework 3.5 Service Pack 1 may not correctly update files even when installation of the update succeeds
    2431208 An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending
    923100 When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code "0x643" or Windows Installer error code "1603"
    923101 Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: "Error 1324. The folder 'Program Files' contains an invalid character"
    2197146 Updates for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 may cause the Microsoft Knowledge Base article number to appear instead of the full title of the update in the Add or Remove Programs item in Control Panel
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
2416474 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack, click the following article number to view the article in the Microsoft Knowledge Base:
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2416754 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5.1 in Windows 7 Service Pack 1 beta and in Windows Server 2008 R2 Service Pack 1 beta
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5.1, click the following article number to view the article in the Microsoft Knowledge Base:
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2418240 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 on Windows Server 2008, on Windows Vista, on Windows XP, and on Windows Server 2003
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5, click the following article number to view the article in the Microsoft Knowledge Base:
    923100 When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code "0x643" or Windows Installer error code "1603"
    923101 Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: "Error 1324. The folder 'Program Files' contains an invalid character"
    2197148 A known issue with the Microsoft .NET Framework 2.0 Service Pack 1 updates and the Microsoft .NET Framework 3.5 updates
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2418241 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and on Windows XP
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
    2431806 Updates for the .NET Framework 2.0 Service Pack 2, the .NET Framework 3.0 Service Pack 2, or the .NET Framework 3.5 Service Pack 1 may not correctly update files even when installation of the update succeeds
    2431208 An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending
    923100 When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code "0x643" or Windows Installer error code "1603"
    923101 Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: "Error 1324. The folder 'Program Files' contains an invalid character"
    2197146 Updates for the .NET Framework 3.5 Service Pack 1 and the .NET Framework 2.0 Service Pack 2 may cause the Microsoft Knowledge Base article number to appear instead of the full title of the update in the Add or Remove Programs item in Control Panel
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2416451 MS10-070: Description of the security update for the Microsoft .NET Framework 1.1 Service Pack 1 on 32-bit editions of Windows Server 2003 Service Pack 2 and Windows Server 2003 R2 Service Pack 2
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 1.1 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
    2433751 FIX: Forms authentication cookies compatibility issue between .NET Framework 1.1 and .NET Framework 2.0 SP2 ASP.NET applications after you apply the security update from security bulletin MS10-070
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
2416468 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 on Windows Server 2003 and on Windows XP
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5, click the following article numbers to view the articles in the Microsoft Knowledge Base:
    2431208 An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending
    923100 When you try to install an update for the .NET Framework 1.0, 1.1, 2.0, 3.0, or 3.5, you may receive Windows Update error code "0x643" or Windows Installer error code "1603"
    923101 Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: "Error 1324. The folder 'Program Files' contains an invalid character"
    2197148 A known issue with the Microsoft .NET Framework 2.0 Service Pack 1 updates and the Microsoft .NET Framework 3.5 updates
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2416469 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 on Windows Vista Service Pack 1 and on Windows Server 2008
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2416470 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 2 and on Windows Server 2008 Service Pack 2
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 2.0 Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
    2436257 Updates for the .NET Framework 2.0 SP2 and .NET Framework 3.0 SP2 may chain install other updates
2416471 MS10-070: Description of the security update for the Microsoft .NET Framework 3.5.1 in Windows 7 and in Windows Server 2008 R2
  • For more information about installation issues with this security update or with the Microsoft .NET Framework 3.5.1, click the following article number to view the article in the Microsoft Knowledge Base:
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
2416472 MS10-070: Description of the security update for the Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
  • For more information about installation issues with this security update or with the Microsoft .NET Framework Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
    2431208 An update for the Microsoft .NET Framework may fail to install when the Microsoft .NET Framework 4 is installed and a restart is pending
    2260913 Files in use or File Locks can Result in Framework Assembly Files being Deleted
    2263996 Patching of Microsoft Framework can fail with Access is denied or File in Use error
    2473228 Products or updates may not be installed correctly when Microsoft .NET Framework 4 or updates for Microsoft .NET Framework 4 are installed after the other product or update installs and a restart is pending
The following known issue affect all of the updates that are described in Security Bulletin MS10-070:
2431728 Encrypted content in ASP.NET is not decrypted for a website that is deployed in a web farm

Properties

Article ID: 2418042 - Last Review: May 11, 2012 - Revision: 7.0
APPLIES TO
  • Microsoft .NET Framework 4
  • Microsoft .NET Framework 3.5 Service Pack 1
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 1.1 Service Pack 1
  • Windows 7 Enterprise
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Windows Vista Service Pack 1, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2418042

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com