MS14-059: Vulnerability in ASP.NET MVC could allow security feature bypass: October 14, 2014

View products that this article applies to.

INTRODUCTION

Microsoft has released security bulletin MS14-059. To learn more about this security bulletin:

Download information

The following files are available for download from the Microsoft Download Center.

For all supported versions of Microsoft ASP.NET

Download Download the package now.

Release Date: October 14, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online servicesMicrosoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country:
International Support

More Information

  • For more information about deployment options to address this security vulnerability, see the MS14-059 security bulletin. This update will be offered through Microsoft Update, the Microsoft Download Center, and updated NuGet packages. The security bulletin will provide correct guidance about which deployment option is required to help make sure that your computer and applications are secure.

  • Also, see the "Update FAQ" section of MS14-059 to better understand how Microsoft security updates for .NET NuGet Libraries are supported, how to determine which version of ASP.NET Model-View-Controller (MVC) is installed on your computer, which computers are offered the update through Microsoft Update, and other important information.

Known issues and more information about this security update

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.

  • 2994397 MS14-059: Description of the security update for ASP.NET MVC 5.1: October 14, 2014

  • 2992080 MS14-059: Description of the security update for ASP.NET MVC 5.0: October 14, 2014

  • 2993928 MS14-059: Description of the security update for ASP.NET MVC 4.0: October 14, 2014 Known issues in security update 2993928:

    • Symptom
      After you install this security update, all Azure Pack PowerShell commands return the following exemption:





      Method not found: 'Void Newtonsoft.Json.Serialization.DefaultContractResolver.set_IgnoreSerializableAttribute(Boolean)


      Resolution
      To resolve this issue, install Update Rollup 4 for Windows Azure Pack. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

      2992027 Update Rollup 4 for Windows Azure Pack

  • 2993937 MS14-059: Description of the security update for ASP.NET MVC 3.0: October 14, 2014

  • 2993939 MS14-059: Description of the security update for ASP.NET MVC 2.0: October 14, 2014

Applies to

This article applies to the following:

  • ASP.NET MVC 2.0

  • ASP.NET MVC 3.0

  • ASP.NET MVC 4.0

  • ASP.NET MVC 5.0

  • ASP.NET MVC 5.1

File name

SHA1 hash

SHA256 hash

AspNetMVC2-KB2993939.EXE

1E3F60495160A568ADB51B09AF5C7B0A95146764

2B91A27DC45B11CB6977A214CF9E4DCF1E219F66876413F2A8D3DC4BE86B1175

AspNetMVC3-KB2993937.EXE

414B06C8F9800E88E1ABB6A28EAD93E445F92878

02885E91D4052E0DAC3EA06D2099D9F9CCBE20B27AF9B9FF64813D9383F2126A

AspNetMVC4-KB2993928.EXE

760CF4C85474BBE1809B9FAB9B2996FF04C23B88

105089F03358AB2437722C070EC1F4F43FA8BE9BD4D85802D3374D204ADB948E

AspNetWebFxUpdate_KB2992080.EXE

55C239C6B443CB122B04667A9BE948B03046BF88

D10482E256F90D03E7B0069ED1287C14776DCCD2E3A766FD27B4BE76B78C26AC

AspNetWebFxUpdate_KB2994397.EXE

BBE73C4BF9AA4747F6753CACA095A5459EC277BE

5A42E9F3847EAC08FD6B1F8A55B0AED149507034AA68A11F7EB5D3993D3A6DD7


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×