MS12-007: Vulnerability in Anti-XSS Library could allow information disclosure: January 10, 2012

Article translations Article translations
Article ID: 2607664
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS12-007. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues with this security update

  • After you install this security update, certain HREF tags may be rendered incorrectly when you use the AntiXSS Library as the default encoder with ASP.NET WebForms.

    Microsoft is actively working on a new release of the AntiXSS Library to address this issue. Until the update is available, do not configure web.config to set the AntiXSS Library as the default encoder. By default, web.config is not set to use the AntiXSS Library as the default encoder. Microsoft is researching this problem and will post more information in this article when the information becomes available.

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
AntiXSS.CHM20781512/14/201112:21
Eula.rtf3650712/9/201110:16
NET20\AntiXSSLibrary.dll4.2.0.06378412/14/201113:07
NET20\AntiXSSLibrary.xml19623012/15/201111:30
NET35\AntiXSSLibrary.dll4.2.0.06276012/14/201113:07
NET35\AntiXSSLibrary.xml19623012/14/201113:00
NET40\AntiXSSLibrary.dll4.2.0.06378412/14/201113:07
NET40\AntiXSSLibrary.xml19623012/14/201113:00
SANITIZER\HtmlSanitizationLibrary.dll4.2.0.042116012/14/201113:07
SANITIZER\HtmlSanitizationLibrary.xml16925212/14/201113:00


This security bulletin applies to the following Microsoft Anti-Cross Site Scripting libraries:
  • Microsoft Anti-Cross Site Scripting Library V4.0
  • Microsoft Anti-Cross Site Scripting Library V3.1
For more information, visit the following Microsoft webpage:
Microsoft Anti-Cross Site Scripting Library V4.2

Properties

Article ID: 2607664 - Last Review: May 9, 2012 - Revision: 5.1
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2607664

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com