Select the product you need help with
MS07-040: Vulnerabilities in the .NET Framework could allow remote code executionArticle ID: 931212 - View products that this article applies to. On This PageINTRODUCTIONMicrosoft has released security bulletin MS07-040. This security bulletin contains all the relevant information about the corresponding security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:
More informationKnown issues with this security updateThe following table lists the known issues with this security update. Help installing updates: Support for Microsoft Update
(http://support.microsoft.com/ph/6527)
Security solutions for IT professionals: TechNet Security Troubleshooting and Support
(http://technet.microsoft.com/security/bb980617.aspx)
Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
(http://support.microsoft.com/contactus/cu_sc_virsec_master)
Local support according to your country: International Support
(http://support.microsoft.com/common/international.aspx)
To use the table, look in the top two rows of the table. Locate the column of the appropriate Microsoft Knowledge Base article number for the update that corresponds to the .NET Framework version that you are using. The rows that contain an "X" correspond to a Knowledge Base article that describes a known issue for the .NET Framework version that you are using. Click the article numbers in the left column to view the article. Collapse this table
Microsoft Knowledge Base articles that describe the known issues with this security updateFor more information about the known issues that are referenced in this table, click the following article numbers to view the articles in the Microsoft Knowledge Base:923100
(http://support.microsoft.com/kb/923100/
)
When you try to install an update for the .NET Framework 1.0, 1.1, or 2.0, you may receive Windows Update error code "0x643" or Windows Installer error code "1603"923101
(http://support.microsoft.com/kb/923101/
)
Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: "Error 1324. The folder 'Program Files' contains an invalid character" 931846
(http://support.microsoft.com/kb/931846/
)
You may be unable to execute SQL Server 2005 Integration Services packages that contain script tasks or script components 934229
(http://support.microsoft.com/kb/934229/
)
The "Add Link to Site" page stops responding, and the link is not added when you try to add a new link to the Site Directory in a SharePoint Portal Server 2003 site934711
(http://support.microsoft.com/kb/934711/
)
Error message when you restart the computer after you uninstall a security update for the .NET Framework 1.1: "This application has requested the Runtime to terminate in an unusual way" 934712
(http://support.microsoft.com/kb/934712/
)
Warning message when you try to install a .NET Framework 1.0 Service Pack 3 or .NET Framework 1.1 Service Pack 1 security update on a Windows Vista-based computer: "An unidentified program wants to access your computer"934793
(http://support.microsoft.com/kb/934793/
)
Description of the SharePoint Server 2007 hotfix package: April 12, 2007 936597
(http://support.microsoft.com/kb/936597/
)
The application or control does not run when you try to run .NET Framework 1.0 HREF tags to point to a managed executable application or to a control 939160
(http://support.microsoft.com/kb/939160/
)
The file version is rolled back to the version that was installed by the last service pack when you remove some security updates for the .NET Framework 1.1 or for the .NET Framework 1.0 939949
(http://support.microsoft.com/kb/939949/
)
Error message when you run an application or try to access a Web site on a computer that has a particular .NET Framework 2.0 software update installed: "Culture name 'Culture' is not supported" 940332
(http://support.microsoft.com/kb/940332/
)
Error message when you install an update for the .NET Framework 1.1 or for the .NET Framework 1.0: "The upgrade patch cannot be installed by the Windows Installer service"940521
(http://support.microsoft.com/kb/940521/
)
The behavior of the UTF8Encoding class, the UnicodeEncoding class, and the UTF32Encoding class changes after you install the security update for the .NET Framework 2.0 that is described in security bulletin MS07-040940947
(http://support.microsoft.com/kb/940947/
)
Error message after you install security update 931212 (MS07-040) in Windows 2000 with Service Pack 4: "Error 127: the specified procedure could not be found"941386
(http://support.microsoft.com/kb/941386/
)
FIX: Error message when you run an ASP.NET 2.0 Web application that is built on the .NET Framework 2.0 after you install the MS07-040 security update: "Type 'System.Web.HttpHeaderCollection' is not marked as serializable"941789
(http://support.microsoft.com/kb/941789/
)
You receive error messages after you install security update 931212 (MS07-040) on a Windows SharePoint Services 3.0 Web front-end server or on a SharePoint Server 2007 Web front-end server942086
(http://support.microsoft.com/kb/942086/
)
FIX: Error message when you run an ASP.NET 2.0 Web application that is built on the .NET Framework 2.0: "The constructor to deserialize an object of type '<custom object>' was not found"943804
(http://support.microsoft.com/kb/943804/
)
FIX: Certain Unicode characters returned by the Application.ExecutablePath property in the .NET Framework 2.0 are displayed as "?"944746
(http://support.microsoft.com/kb/944746/
)
FIX: Event ID: 1008 occurs after you apply security update MS07-040 on a computer that has the .NET Framework 1.0 installed
944925
(http://support.microsoft.com/kb/944925/
)
FIX: You may receive an exception error message when you serialize an ObjRef object between the client computer and the server computer after you install the MS07-040 update on only the client computer
Microsoft Knowledge Base articles that describe the individual packages for this security updateFor more information about the individual packages for this security update, click the following article numbers to view the articles in the Microsoft Knowledge Base:930494
(http://support.microsoft.com/kb/930494/
)
Description of the security update for the .NET Framework 1.0 Service Pack 3 for Windows XP Media Center and Windows XP Tablet PC: July 10, 2007
928367
(http://support.microsoft.com/kb/928367/
)
Description of the security update for the .NET Framework 1.0 Service Pack 3 for Windows Vista, Windows Server 2003, Windows XP, and Windows 2000: July 10, 2007
928366
(http://support.microsoft.com/kb/928366/
)
Description of the security update for the .NET Framework 1.1 Service Pack 1 for Windows XP and Windows 2000: July 10, 2007
933854
(http://support.microsoft.com/kb/933854/
)
Description of the security update for the .NET Framework 1.1 Service Pack 1 for Windows Server 2003: July 10, 2007
929729
(http://support.microsoft.com/kb/929729/
)
Description of the security update for the .NET Framework 1.1 Service Pack 1 for Windows Vista: July 10, 2007
928365
(http://support.microsoft.com/kb/928365/
)
Description of the security update for the .NET Framework 2.0 for Windows Server 2003, Windows XP, and Windows 2000: July 10, 2007
929916
(http://support.microsoft.com/kb/929916/
)
Description of the security update for the .NET Framework 2.0 for Windows Vista: July 10, 2007
Additional information about this security updateAfter you install this security update, the behavior of UTF8Encoding, UnicodeEncoding, and UTF32Encoding change to comply to the Unicode 5.0 requirements for Unicode encodings. Unauthorized and invalid bytes are not removed. Instead, they are replaced by the Unicode character U+FFFD, the Unicode replacement character.For more information about this behavior, click the following article number to view the article in the Microsoft Knowledge Base: 940521
(http://support.microsoft.com/kb/940521/
)
The behavior of the UTF8Encoding class, the UnicodeEncoding class, and the UTF32Encoding class changes after you install the security update for the .NET Framework 2.0 that is described in security bulletin MS07-040
Affected softwareThis article applies to the following versions of the Microsoft .NET Framework when used with the corresponding Microsoft operating systems:
PropertiesArticle ID: 931212 - Last Review: July 18, 2012 - Revision: 14.0
| Article Translations
 |
Back to the top
