MS13-004: Vulnerability in the .NET Framework could allow elevation of privilege: January 8, 2013

Introduction

Microsoft has released security bulletin MS13-004. You can view the complete security bulletin by going to one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security troubleshooting and support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support based on your region and country: International support

More Information

Known issues and additional information about this update

The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information about the individual updates, such as a download URL, prerequisites, and command-line switches.

Microsoft .NET Framework 4.5
  • 2742614 MS13-004: Description of the security update for the .NET Framework 4.5 on Windows 8, Windows RT, and Windows Server 2012: January 8, 2013
  • 2742613 MS13-004: Description of the security update for the .NET Framework 4.5 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: January 8, 2013

Microsoft .NET Framework 4
  • 2742595 MS13-004: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: January 8, 2013





    Known issues in security update 2742595:
    • After you install this security update on a system that is running Windows Communication Foundation (WCF) and the Microsoft .NET Framework 4.0, and that is hosted on an Internet Information Services (IIS) web server, you may receive an error message that resembles the following:

      System.NotSupportedException: The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.

Microsoft .NET Framework 3.5.1
  • 2756921 MS13-004: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: January 8, 2013
  • 2756920 MS13-004: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: January 8, 2013




    Known issues in security update 2756920:
    • After you install this security update on a system that is running Windows Communication Foundation (WCF), you may receive an error message that resembles the following:


      System.ServiceModel.Ativation.iis7helper.extendedprotectiondotlessspnnotenabledthrowhelper(system.object)


  • 2742599 MS13-004: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: January 8, 2013
  • 2742598 MS13-004: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: January 8, 2013

Microsoft .NET Framework 3.5
  • 2756923 MS13-004: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: January 8, 2013
  • 2742616 MS13-004: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: January 8, 2013

Microsoft .NET Framework 3.0
  • 2756919 MS13-004: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: January 8, 2013
  • 2756918 MS13-004: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003: January 8, 2013

Microsoft .NET Framework 2.0
  • 2742601 MS13-004: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: January 8, 2013
  • 2742596 MS13-004: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003: January 8, 2013

Microsoft .NET Framework 1.1
  • 2742597 MS13-004: Description of the security update for the .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 x64 Edition, Windows Server 2003 for Itanium Systems, Windows Vista, and Windows Server 2008: January 8, 2013



    Known issues in security update 2742597:
    • In certain situations on computers that are running Windows Vista Service Pack 2 (SP2) or Windows Server 2008 SP2, you may be reoffered this security update, even though the update is already installed correctly. This is a detection issue only, and you do not have to reinstall this security update if it is already installed.
  • 2742604 MS13-004: Description of the security update for the .NET Framework 1.1 Service Pack 1 on x86-based versions of Windows Server 2003 Service Pack 2: January 8, 2013

Microsoft .NET Framework 1.0
  • 2742607 MS13-004: Description of the security update for the .NET Framework 1.0 Service Pack 3 on Windows XP Service Pack 3 Tablet PC Edition and Windows XP Service Pack 3 Media Center Edition: January 8, 2013
File hash information

Update replacement information

Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.

Applies to
Properties

Article ID: 2769324 - Last Review: Feb 8, 2013 - Revision: 1

Feedback