Microsoft security advisory: Vulnerability in the .NET Framework: May 13, 2014

Article translations Article translations
Article ID: 2960358
Expand all | Collapse all

On This Page

Introduction

This update is for the Microsoft .NET Framework to disable RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.

Summary

Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:

https://technet.microsoft.com/security/advisory/2960358

More information

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as a download URL, prerequisites, and command-line switches.
Microsoft .NET Framework 4.5.x
  • 2954853 Description of the security update for the .NET Framework 4.5.2 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014
  • 2898850 Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014
  • 2898849 Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014
  • 2938782 Description of the security update for the .NET Framework 4.5 and the .NET Framework 4.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014
Microsoft .NET Framework 4
  • 2938780 Description of the security update for the .NET Framework 4 on Windows 7 and Windows Server 2008 R2: May 13, 2014
Microsoft .NET Framework 3.5.1
  • 2898851 Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014
Microsoft .NET Framework 3.5
  • 2898847 Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: May 13, 2014
  • 2898845 Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: May 13, 2014

Update replacement information

Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.

File hash information

Collapse this imageExpand this image
assets folding start collapsed
Collapse this tableExpand this table
File nameSHA1 hashSHA256 hash
MSIPatchRegFix-AMD64.exe5011CB29B096FB674A4795EE8FC2F7FDAD33863ABA62C33DD90ECC3C945AE4F52EEEB2FA07D2C53FB975263B483D09D80F02230D
MSIPatchRegFix-IA64.exeCB861EAF1F4CDFFAD5F83604C7250CD9EDD9643361867793FC7556B79E5833CC18F493A5611EDE94E0D944575E89BAA76B223A0D
MSIPatchRegFix-X86.exe94A84B80B8B45A1AC53A0E5D085513DA0F099655C83C5EE1D4FBFF5260A7D984471EAF4C6004431C21B4F661018BDB92CC124290
NDP40-KB2938780-IA64.exe297676E74C7440D3DDDF98177E7E1E26F220803FE91817C26CB5E7599ECBDDB545C693617B64097994226AE51EDB85019B801A09
NDP40-KB2938780-x64.exeE4D1A0D4AE723AF8D5376FDEB76C25952193354560AE1FF5A2EB5C5F7DDF6BEABCF758DE8C1239189503D081BF46C1FB2BC2AFD7
NDP40-KB2938780-x86.exe971653D2303EF6466ED4FB0BEC275ED063417A65BF08066E4C54CEC4023063EEB00B1DD0C0CCFCA2D440DEBD32FC9BECBE8BBAA8
NDP45-KB2938782-x64.exe67CF3CCCCC0E3123C393ADA8DA0FC0DA94BFC2B4274656EFC86750F75BC61FD874B87C1D3657B0B85539E65718011AC11AD65926
NDP45-KB2938782-x86.exe15ADFB777EAB16BA0DE504E931A0497873E832AACA38E988FE5304CD523A1D99E1DB568260ACCD8E76830D6971EB1FA7D3D3F174
NDP45-KB2954853-x64.exe60309795612C6FCC1AE546F2112BAB46B59564829C1E1152F116F70F69DADCC0970061ABB5F3D3501FD897472EA4A252D9CCDA1D
NDP45-KB2954853-x86.exeF95548229DAA73F892F95460A55F7FB5013880B9154B564B3BCB53FC66F37184D0C4F24C009A1398912EADA3D5E9C469645D68C5
Windows6.1-KB2898851-ia64.msu55A3C6E8EA23D9F290FF82B9D84AB3DBE61D55EF5D6A495D7F48F5E883E3BDA2A6EC1AA4BC5C07728011A3AC17CB0FD16542BC38
Windows6.1-KB2898851-x64.msu37F0780A032414C1FC6A98A274C319564546716F32FDCA45B01963615BDF4C117CE478057756655B4CDE1566EA009B7B39C00EB8
Windows6.1-KB2898851-x86.msuEA3CF0EC225DDA4687B928F8B1F239C41A4AF7662C8B2554189E2FE1541BFB6442122FBC82FDCFB733937DE19CB0F16948CFC3D7
Windows8-RT-KB2898849-x64.msu12C2CFBE2EAA49352A94961B46BC5E361B7C30E415DECE59F3A4231ACA65BEC64E8130CC07AEE0E41FF10E69C384111AFCF8B452
Windows8-RT-KB2898849-x86.msu657166018CD2C1441653D8965E299805A0C11967D731E65D9F523D82CA4868BD85AA7858E7EAC91A066CAB09745F70DCF4B7810A
Windows8.1-KB2898847-x64.msu8E0232C90FC7C7FE06F319AF2EA7BA3F59AF77D030ED55E167948E349D255029F450A7BDAF76FEF6BD3C58B8190EF40DB3C1D13D
Windows8.1-KB2898847-x86.msu99232A522BF0585D757107571D7C2E56A943E3AC60DAC5729C4D8460D1CBCF228FDD824426053B0830267DC82CB85F9D3CCA8BB6
Windows8.1-KB2898850-x64.msu9FFDFDEAC9011569D1B14CF2DBF926257C50186D1A605C26FD560E15134F5C39452EBAD54697C8E67999FFE86A9DD1C3992AF7BF
Windows8.1-KB2898850-x86.msu8F023B22DD2B9D9DA9F6984979D8ECA6018C14CADA11BF3460725BCEFF217EE6DD8FB202AD39182C07E05707DE776192C6E1DB4B
Collapse this imageExpand this image
assets folding end collapsed

Applies to

This article applies to the following:
  • Microsoft .NET Framework 4.5.2 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 4.5.1 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 4.5 when used with:
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 4 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 3.5.1 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 3.5 when used with:
    • Windows 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows Server 2012

Properties

Article ID: 2960358 - Last Review: May 13, 2014 - Revision: 1.0
Keywords: 
kbsecvulnerability kbsecurity kbsecbulletin kbfix kbexpertiseinter kbbug atdownload KB2960358

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com