You are currently offline, waiting for your internet to reconnect

MS11-044: Vulnerability in the .NET Framework could allow remote code execution: June 14, 2011

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

INTRODUCTION
Microsoft has released security bulletin MS11-044. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support

More information about this security update

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2518870 MS11-044: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: June 14, 2011

    The following are the known issues in security update 2518870. For more information about these known issues, see security update 2518870.
    • Every English (United States) update for the Microsoft .NET Framework 2.0 SP2 shows only the Microsoft Knowledge Base ID in the Add or Remove Programs window.
    • An update for the Microsoft .NET Framework version 4 may not install.
    • When you install an update for the .NET Framework, the installation process may fail and roll back. After the rollback is complete, some .NET Framework files in the global assembly cache (GAC) are deleted. Therefore, some .NET Framework applications may not run or may run incorrectly.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.
  • 2518869 MS11-044: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and on Windows Server 2008 R2 Service Pack 1: June 14, 2011

    The following is the only known issue in security update 2518869. For more information about this known issue, see security update 2518869.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.
  • 2518867 MS11-044: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and on Windows Server 2008 R2: June 14, 2011

    The following is the only known issue in security update 2518867. For more information about this known issue, see security update 2518867.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.
  • 2518863 MS11-044: Description of the security update for the .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and on Windows Server 2008: June 14, 2011

    The following is the only known issue in security update 2518863. For more information about this known issue, see security update 2518863.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.
  • 2518864 MS11-044: Description of the security update for the .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows XP Service Pack 3 and on Windows Server 2003 Service Pack 2: June 14, 2011

    The following are the known issues in security update 2518864. For more information about these known issues, see security update 2518864.
    • When you try to install an update for the Microsoft .NET Framework 1.0, for the Microsoft .NET Framework 1.1, for the Microsoft .NET Framework 2.0, for the Microsoft .NET Framework 3.0, or for the Microsoft .NET Framework 3.5, you may receive a Microsoft Windows Update error code or a Microsoft Windows Installer error code.
    • You receive an "Error 1324. The folder 'Program Files' contains an invalid character" error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition.
    • Every English (United States) update for the Microsoft .NET Framework 2.0 SP2 shows only the Microsoft Knowledge Base ID in the Add or Remove Programs window.
    • When you install an update to the .NET Framework, the installation process may fail and roll back. After the rollback is complete, some .NET Framework files in the global assembly cache (GAC) are deleted. Therefore, some .NET Framework applications may not run or may run incorrectly.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.
  • 2530095 MS11-044: Description of the security update for the .NET Framework 3.5 on Windows XP Service Pack 3 and on Windows Server 2003 Service Pack 2: June 14, 2011

    The following are the known issues in security update 2530095. For more information about these known issues, see security update 2530095.
    • When you try to install an update for the Microsoft .NET Framework 1.0, for the Microsoft .NET Framework 1.1, for the Microsoft .NET Framework 2.0, for the Microsoft .NET Framework 3.0, or for the Microsoft .NET Framework 3.5, you may receive a Microsoft Windows Update error code or a Microsoft Windows Installer error code.
    • You receive an "Error 1324. The folder 'Program Files' contains an invalid character" error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition.
    • All security updates for .NET Framework 2.0 SP1 or for the .NET Framework 3.5 show "Update" or "Hotfix" instead of "Security Update" during the installation and in Add or Remove Programs after installation.
    • When you install an update to the .NET Framework, the installation process may fail and roll back. After the rollback is complete, some .NET Framework files in the global assembly cache (GAC) are deleted. Therefore, some .NET Framework applications may not run or may run incorrectly.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.
  • 2518865 MS11-044: Description of the security update for the .NET Framework 3.5 on Windows Vista Service Pack 1 and on Windows Server 2008: June 14, 2011

    The following is the only known issue in security update 2518865. For more information about this known issue, see security update 2518865.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.
  • 2518866 MS11-044: Description of the security update for the .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: June 14, 2011

    The following is the only known issue in security update 2518866. For more information about this known issue, see security update 2518866.
    • If an assembly file in the GAC (Global Access Cache) is locked or is "in use," it can cause .NET Framework updates to fail.

Security update replacement information

This security update does not replace any earlier released security update.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 2538814 - Last Review: 05/08/2012 15:12:00 - Revision: 3.0

Microsoft .NET Framework 4, Windows 7 Service Pack 1, Windows 7 Enterprise, Windows 7 Home Basic, Windows 7 Home Premium, Windows 7 Professional, Windows 7 Ultimate, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Standard, Windows Server 2008 Service Pack 2, Windows Web Server 2008, Windows Vista Service Pack 2, Windows Vista Service Pack 1, Microsoft Windows Server 2003 Service Pack 2, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Foundation, Windows Server 2008 Standard, Microsoft .NET Framework 3.5, Microsoft Windows XP Service Pack 3, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1

  • kbsecvulnerability kbsecurity kbsecbulletin kbfix kbexpertiseinter kbbug atdownload KB2538814
Feedback
dy>