MS15-041: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: April 14, 2015

Applies to: .NET Framework 3.5.1


This update resolves a vulnerability in the Microsoft .NET Framework that could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploits the vulnerability could view parts of a web configuration file that could expose sensitive information. To learn more about this vulnerability, see Microsoft Security Bulletin MS15-041.

Note To resolve the vulnerability, you may have to apply multiple updates, depending on the versions of .NET Framework that you are running. For more information, see Versions of the .NET Framework that are affected by this security bulletin.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. To install the update, follow the install instructions on the download page

Download Download (KB3037574)

More Information

Versions of the .NET Framework that are affected by this security bulletin

Windows versionUpdates to install
Windows 7 SP1 and Windows Server 2008 R2 SP13037574 for .NET Framework 3.5.1
3037578 for .NET Framework 4
3037581 for .NET Framework 4.5/4.5.1/4.5.2

Applies to

This article applies to the following:
  • Microsoft .NET Framework 3.5.1 when used with:
    • Windows Server 2008 R2 Service Pack 1
    • Windows 7 Service Pack 1