MS14-046: Vulnerability in the .NET Framework could allow security feature bypass: August 12, 2014


Introduction


This update resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization (ASLR) security feature if a user goes to a specially crafted website.

Summary


Microsoft has released security bulletin MS14-046. Learn more about how to obtain the fixes that are included in this security bulletin: 

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More Information


More information about this update

The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as download URL, prerequisites and command line switches.



The Microsoft .NET Framework 3.5.1
  • 2943357  MS14-046: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: August 12, 2014
  • 2937610  MS14-046: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: August 12, 2014
The Microsoft .NET Framework 3.5
  • 2966828  MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 12, 2014





    Known issues in security update 2966828:
    • After you install security update 2966828 (described in Microsoft Security Bulletin MS14-046) for the Microsoft .NET Framework 3.5, and then you try to enable the Microsoft .NET Framework 3.5 optional feature in Windows Features for the very first time, the feature may not install. You may notice this failure if you "stage" the installation before you add the Microsoft .NET Framework 3.5 feature. For more information about how to work around this issue, click the following article number to view the article in the Microsoft Knowledge Base:
      3002547  Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8, Windows Server 2012, Windows 8.1, or Windows Server 2012 R2 may fail after you install security update 2966827 or 2966828
  • 2966826  MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 12, 2014
  • 2966827  MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: August 12, 2014



    Known issues in security update 2966827:
    • After you install security update 2966827 (described in Microsoft Security Bulletin MS14-046) for the Microsoft .NET Framework 3.5, and then you try to enable the Microsoft .NET Framework 3.5 optional feature in Windows Features for the very first time, the feature may not install. You may notice this failure if you "stage" the installation before you add the Microsoft .NET Framework 3.5 feature. For more information about how to work around this issue, click the following article number to view the article in the Microsoft Knowledge Base:
      3002547  Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8, Windows Server 2012, Windows 8.1, or Windows Server 2012 R2 may fail after you install security update 2966827 or 2966828
  • 2966825  MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: August 12, 2014
The Microsoft .NET Framework 3.0
  • 2943344  MS14-046: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: August 12, 2014
The Microsoft .NET Framework 2.0
  • 2937608  MS14-046: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: August 12, 2014

Update replacement information

Update replacement information for each specific update can be found in the Microsoft Knowledge Base articles that correspond to this update.

Applies to

This article applies to the following:
  • Microsoft .NET Framework 3.5.1 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 3.5 when used with:
    • Windows 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows Server 2012
  • Microsoft .NET Framework 3.0 Service Pack 2 when used with:
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
  • Microsoft .NET Framework 2.0 Service Pack 2 when used with:
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2