Article ID: 2607664 - Last Review: January 16, 2012 - Revision: 3.0

MS12-007: Vulnerability in Anti-XSS Library could allow information disclosure: January 10, 2012

System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

On This Page

Expand all | Collapse all

INTRODUCTION

Microsoft has released security bulletin MS12-007. To view the complete security bulletin, visit one of the following Microsoft websites:
Back to the top

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support website:
http://support.microsoft.com/common/international.aspx?rdpath=4 (http://support.microsoft.com/common/international.aspx?rdpath=4)
North American customers can also obtain instant access to unlimited no-charge email support or to unlimited individual chat support by visiting the following Microsoft website:
http://support.microsoft.com/oas/default.aspx?&prid=7552 (http://support.microsoft.com/oas/default.aspx?&prid=7552)
For enterprise customers, support for security updates is available through your usual support contacts.
Back to the top

MORE INFORMATION

Known issues with this security update

  • After you install this security update, certain HREF tags may be rendered incorrectly when you use the AntiXSS Library as the default encoder with ASP.NET WebForms.

    Microsoft is actively working on a new release of the AntiXSS Library to address this issue. Until the update is available, do not configure web.config to set the AntiXSS Library as the default encoder. By default, web.config is not set to use the AntiXSS Library as the default encoder. Microsoft is researching this problem and will post more information in this article when the information becomes available.
Back to the top

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
AntiXSS.CHM20781512/14/201112:21
Eula.rtf3650712/9/201110:16
NET20\AntiXSSLibrary.dll4.2.0.06378412/14/201113:07
NET20\AntiXSSLibrary.xml19623012/15/201111:30
NET35\AntiXSSLibrary.dll4.2.0.06276012/14/201113:07
NET35\AntiXSSLibrary.xml19623012/14/201113:00
NET40\AntiXSSLibrary.dll4.2.0.06378412/14/201113:07
NET40\AntiXSSLibrary.xml19623012/14/201113:00
SANITIZER\HtmlSanitizationLibrary.dll4.2.0.042116012/14/201113:07
SANITIZER\HtmlSanitizationLibrary.xml16925212/14/201113:00


This security bulletin applies to the following Microsoft Anti-Cross Site Scripting libraries:
  • Microsoft Anti-Cross Site Scripting Library V4.0
  • Microsoft Anti-Cross Site Scripting Library V3.1
For more information, visit the following Microsoft webpage:
Microsoft Anti-Cross Site Scripting Library V4.2 (http://www.microsoft.com/download/en/details.aspx?id=28589)
Back to the top
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2607664
Back to the top