Microsoft Security Bulletin MS14-009 - Important: Vulnerabilities in .NET Framework Could...


Extraordinary Robot
News Feed
Severity Rating: Important
Revision Note: V1.1 (February 28, 2014): Bulletin revised to announce a detection change in the 2901128 update for Microsoft .NET Framework 4.5.1 on Windows 8.1 for 32-bit Systems, Microsoft .NET Framework 4.5.1 on Windows 8.1 for x64-based Systems, Microsoft .NET Framework 4.5.1 on Windows Server 2012 R2, and Microsoft .NET Framework 4.5.1 on Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any actioned.
Summary: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the compromised website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website.

Continue reading...

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.