You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
ms11-100
About this tag
MS11-100 is a critical security bulletin from Microsoft addressing vulnerabilities in the .NET Framework that could allow elevation of privilege or denial of service. The bulletin covers CVE-2011-3414, a publicly disclosed vulnerability involving hash table collisions that could cause a denial of service in ASP.NET. It also resolves three privately reported vulnerabilities. The security update (2638420) changes the format of forms authentication tickets, which may cause compatibility issues in web farm environments. Deployment guidance and a webcast Q&A are available to assist administrators with applying the update. This bulletin was released out-of-band in December 2011.
Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue, including...
Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue...
Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue...
Severity Rating: Critical
Revision Note: V1.3 (February 1, 2012): Corrected registry keys and installation switches in the deployment tables for Windows Server 2003 and Windows Server 2008, and installation switches in the deployment table for Windows Vista. This is an informational...
asp.net
attacker
critical
elevation of privilege
exploit
installation
ms11-100
net framework
privately reported
publicly disclosed
registry
security
security bulletin
server 2003
server 2008
update
vulnerability
web request
windows vista
Severity Rating: Critical
Revision Note: V1.1 (December 30, 2011): Added entry to the Update FAQ to address security-related changes to functionality contained in this update and added mitigation for CVE-2011-3414
Summary: This security update resolves one publicly...
Describes an issue related to the security update MS11-100. The security update changes the format of forms authentication tickets in a way that is incompatible with the older version of forms authentication tickets.
More...
Hello,
Today we published the December 2011 Out-of-Band Security Bulletin Webcast Questions & Answers page. We fielded 41 questions on the subject of MS11-100 . There were four questions during the webcast that we were unable to answer and we have included those questions and answers on the...