Microsoft security advisory: Vulnerability in the .NET Framework: May 13, 2014

Introduction

This update is for the Microsoft .NET Framework to disable RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.

Summary

Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:


More Information

Additional information about this update

The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as a download URL, prerequisites, and command-line switches.
Microsoft .NET Framework 4.5.x
  • 2954853 Description of the security update for the .NET Framework 4.5.2 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014
  • 2898850 Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014
  • 2898849 Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 on Windows 8, Windows RT, and Windows Server 2012: May 13, 2014
  • 2938782 Description of the security update for the .NET Framework 4.5 and the .NET Framework 4.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014
Microsoft .NET Framework 4
  • 2938780 Description of the security update for the .NET Framework 4 on Windows 7 and Windows Server 2008 R2: May 13, 2014
Microsoft .NET Framework 3.5.1
  • 2898851 Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014
Microsoft .NET Framework 3.5
  • 2898847 Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: May 13, 2014
  • 2898845 Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: May 13, 2014

Update replacement information

Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.
File hash information

Applies to

This article applies to the following:
  • Microsoft .NET Framework 4.5.2 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 4.5.1 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 4.5 when used with:
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 4 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 3.5.1 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 3.5 when used with:
    • Windows 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows Server 2012
Properties

Article ID: 2960358 - Last Review: May 13, 2014 - Revision: 1

Feedback