You are currently offline, waiting for your internet to reconnect

MS12-007: Vulnerability in Anti-XSS Library could allow information disclosure: January 10, 2012

Microsoft has released security bulletin MS12-007. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support


Known issues with this security update

  • After you install this security update, certain HREF tags may be rendered incorrectly when you use the AntiXSS Library as the default encoder with ASP.NET WebForms.

    Microsoft is actively working on a new release of the AntiXSS Library to address this issue. Until the update is available, do not configure web.config to set the AntiXSS Library as the default encoder. By default, web.config is not set to use the AntiXSS Library as the default encoder.Microsoft is researching this problem and will post more information in this article when the information becomes available.
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
File nameFile versionFile sizeDateTime

This security bulletin applies to the following Microsoft Anti-Cross Site Scripting libraries:
  • Microsoft Anti-Cross Site Scripting Library V4.0
  • Microsoft Anti-Cross Site Scripting Library V3.1
For more information, visit the following Microsoft webpage:
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE

Article ID: 2607664 - Last Review: 05/09/2012 11:36:00 - Revision: 5.1

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2607664