ms13-004

MS13-004 is a Microsoft security bulletin addressing four privately reported vulnerabilities in the .NET Framework that could allow elevation of privilege. The most severe vulnerability could be exploited if a user views a specially crafted webpage using a browser that can run XAML Browser Applications (XBAPs). Additionally, Windows .NET applications could bypass Code Access Security (CAS) restrictions. An attacker successfully exploiting these vulnerabilities could gain the same user rights as the logged-on user. The update is rated Important and applies to affected .NET Framework versions. Users are advised to apply the update to mitigate risks, especially those with limited user rights.