The .NET team released two security bulletins today as part of the monthly “Update Tuesday” cycle.
Microsoft Security Bulletin MS15-044 – Critical, Vulnerability in .NET Framework Could Allow Remote Code Execution (3057110)
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
This security update is rated Critical for Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6 RC on affected releases of Microsoft Windows.
More details about the versions affected by this vulnerability can be found in the security bulletin MS15-044.
Microsoft Security Bulletin MS15-048 – Important, Vulnerability in .NET Framework Could Allow Information Disclosure (3057134)
This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application.
This security update is rated Important for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, and Microsoft .NET Framework 4.5.2 on affected releases of Microsoft Windows.
More details about the versions affected by this vulnerability can be found in the security bulletin MS15-048.
How to obtain help and support for this security update
- Help installing updates: Support for Microsoft Update
- Security solutions for IT professionals: TechNet Security Troubleshooting and Support
- Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
- Local support according to your country: International Support
Does this update cause a re-compile of ASP.NET websites? A few weeks ago an update came out that did trigger recompiles.
Hi @Brian Smithson,
Unrelated to the Microsoft .NET bulletin releases outlined above, KB3037580 (support.microsoft.com/…/3037580) for Windows 8 and Windows Server 2012 was re-released on Tuesday 5/12/2015. This update services ASP.NET's system.web.dll, where ASP.NET will recompile the site. This will only cause a slow response for the first request (cold startup). For subsequent requests, there'll be no difference. One way to mitigate cold startup performance concerns is by using IIS application initialization feature described here: http://www.iis.net/…/iis-80-application-initialization.
Are these updates cumulative ? After fresh OS install there are more than 60 of .NET Framework 3.5 to 4.5.1 security updates and it takes ages to install them.
Hi,
We have a program which is written by Java to provide Web API with HTTPS, and we have a client written by C# based on .NET Framework 3.5 to call Web API. It works fine, but recently after installing updates, our client can't call Web API anymore.
Any ideas? Thanks a lot!
Vulnerability is the weakness which destroys the functions of Microsoft like a virus. for the safeness.The NET team released two security and they resolve vulnerabilities. This security is important for Microsoft to safe from all types of vulnerability. Due to best .NET training courses, anyone can use this security and know more about.NET.
good
How are .net framework in possibly dozens of independent applications running different versions going to patched for security vulnerabilities on windows servers like 2k12? As I understand it, there's no GAC assembly anymore.