Description of the security update for the .NET Framework 4 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: December 10, 2013

September 9, 2014 This security update has been re-released and contains updated files. We recommend that you apply this updated security update.


This security update resolves a vulnerability in the Microsoft .NET Framework 4 that could allow elevation of privilege on a server system if a user views a specially crafted webpage by using a web browser that can run ASP.NET applications.

This security update applies to Windows Server 2003 Service Pack 2, Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1.


Microsoft has released security advisory 2905247 for the Microsoft .NET Framework.

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More information about this security update

Download information

To install this update, install it from Microsoft Windows Update.

Additionally, you can install this update from the Microsoft Download Center.

Installation information

Before you apply this update, make sure that you resolve any view-state message authentication code (MAC) errors that you may have. For information about how to do this, see Resolving view state message authentication code (MAC) errors in the Microsoft Knowledge Base.


To install this update, you must have Windows Installer 3.1 or a later version installed on the computer.

Command-line switches for this update

See the various command-line switches that are supported by this Microsoft .NET Framework update.

Restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update replaces updates 2901110 and 2656351 .

Update removal information

Note We do not recommend that you remove any security update.

To remove this update, use the Add or Remove Programs item or the Programs and Features item in Control Panel.

Applies to

This article applies to the following:
  • Microsoft .NET Framework 4 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows Server 2003 Service Pack 2