Microsoft security advisory: Insecure ASP.NET site configuration could allow elevation of privilege

September 9, 2014 This security update has been re-released for release on Windows Update and contains some updated articles. We recommend that you apply this updated security update.

Introduction

This security update resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege on a server system if a user views a specially crafted webpage by using a web browser that can run ASP.NET applications.

Summary

Microsoft has released security advisory 2905247. You can view the complete security advisory by going to the following Microsoft website:

How to obtain help and support for this update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More Information

Installation information

Before you apply this update, make sure that you resolve any view state message authentication code (MAC) errors that you may have. For information about how to do this, see Resolving view state message authentication code (MAC) errors in the Microsoft Knowledge Base.

More information about this update

The following articles contain more information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as a download URL, prerequisites, and command line switches.

Microsoft .NET Framework 4.5 and the .NET Framework 4.5.1
  • 2894855  Description of the security update for the .NET Framework 4.5 and the .NET Framework 4.5.1 on Windows 8, Windows RT, and Windows Server 2012: December 10, 2013 Updated

  • 2894856 Description of the security update for the .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: December 10, 2013 Updated

  • 2894854  Description of the security update for the .NET Framework 4.5 and the .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: December 10, 2013 Updated


Microsoft .NET Framework 4
  • 2894842  Description of the security update for the .NET Framework 4 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: December 10, 2013 Updated


Microsoft .NET Framework 3.5.1
  • 2894844  Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: December 10, 2013


Microsoft .NET Framework 3.5
  • 2894852 Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: December 10, 2013 Updated

  • 2894851  Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: December 10, 2013


Microsoft .NET Framework 2.0
  • 2894847  Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: December 10, 2013

  • 2894843  Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows Server 2003: December 10, 2013


Microsoft .NET Framework 1.1
  • 2894845  Description of the security update for the .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack 2 32-bit Edition: December 10, 2013


Update replacement information

Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.
File hash information

Applies to

This article applies to the following:
  • Microsoft .NET Framework 4.5.1 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
  • Microsoft .NET Framework 4.5 when used with:
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
  • Microsoft .NET Framework 4 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows Server 2003 Service Pack 2
  • Microsoft .NET Framework 3.5.1 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 3.5 when used with:
    • Windows 8
    • Windows Server 2012
  • Microsoft .NET Framework 2.0 Service Pack 2 when used with:
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows Server 2003 Service Pack 2
  • Microsoft .NET Framework 1.1 Service Pack 1 when used with:
    • Windows Server 2003 Service Pack 2 32-bit Edition
Propriedades

ID do Artigo: 2905247 - Última Revisão: 09/09/2014 - Revisão: 1

Comentários