MS14-057: Description of the security update for the .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1: October 14, 2014


This security update resolves vulnerabilities that could allow remote code execution if an attacker sends a specially crafted URL request that contains international characters to a .NET web application.


Microsoft has released security bulletin MS14-057. Learn more about how to obtain the fixes included in this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security troubleshooting and support

Help protect your computer that is running Windows from viruses and malware: Virus and Security Solution Center

Local support according to your country: International support

More information about this security update

Download information

To install this update, install it from Windows Update.

Additionally, you can install this update from the Microsoft Download Center.

Command-line switches for this update

Learn about the various command-line switches that are supported by this .NET Framework update.

Restart information

This update does not require a system restart after you apply it unless files being updated are locked or in use.

Update replacement information

This update replaces update 2633873 .

Update removal information

Note We do not recommend that you remove any security update.

To remove this update, use the Add or Remove Programs item or use the Programs and Features item in Control Panel.

Applies to

This article applies to the following:
  • Microsoft .NET Framework 3.5.1 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1