Vulnerability in ASP.NET

MS10-070 security update resolves a publicly disclosed vulnerability in ASP.NET.

The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server.

Affected Software:
– Windows XP Service Pack 3:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows XP Professional x64 Edition Service Pack 2:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Server 2003 Service Pack 2:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Server 2003 x64 Edition Service Pack 2:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Server 2003 with SP2 for Itanium-based Systems:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Vista Service Pack 1 and
Windows Vista Service Pack 2:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Vista Service Pack 1 only:
– Microsoft .NET Framework 2.0 Service Pack 1 and
Microsoft .NET Framework 3.5
– Microsoft .NET Framework 2.0 Service Pack 2
– Windows Vista Service Pack 2 only:
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Windows Vista x64 Edition Service Pack 1 and
Windows Vista x64 Edition Service Pack 2:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Vista x64 Edition Service Pack 1 only:
– Microsoft .NET Framework 2.0 Service Pack 1 and
Microsoft .NET Framework 3.5
– Microsoft .NET Framework 2.0 Service Pack 2
– Windows Vista x64 Edition Service Pack 2 only:
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Windows Server 2008 for 32-bit Systems and
Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected):
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Server 2008 for 32-bit Systems only
(Windows Server 2008 Server Core installation not affected):
– Microsoft .NET Framework 2.0 Service Pack 1 and
Microsoft .NET Framework 3.5
– Microsoft .NET Framework 2.0 Service Pack 2
– Windows Server 2008 for 32-bit Systems Service Pack 2 only
(Windows Server 2008 Server Core installation not affected):
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Microsoft .NET Framework 2.0 Service Pack 2
– Windows Server 2008 for x64-based Systems and
Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected):
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Server 2008 for x64-based Systems only
(Windows Server 2008 Server Core installation not affected):
– Microsoft .NET Framework 2.0 Service Pack 1 and
Microsoft .NET Framework 3.5
– Microsoft .NET Framework 2.0 Service Pack 2
– Windows Server 2008 for x64-based Systems Service Pack 2 only
(Windows Server 2008 Server Core installation not affected):
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Windows Server 2008 for Itanium-based Systems and
Windows Server 2008 for Itanium-based Systems Service Pack 2:
– Microsoft .NET Framework 1.1 Service Pack 1
– Microsoft .NET Framework 3.5 Service Pack 1
– Microsoft .NET Framework 4.0
– Windows Server 2008 for Itanium-based Systems only:
– Microsoft .NET Framework 2.0 Service Pack 1 and
Microsoft .NET Framework 3.5
– Microsoft .NET Framework 2.0 Service Pack 2
– Windows Server 2008 for Itanium-based Systems Service Pack 2 only:
– Microsoft .NET Framework 2.0 Service Pack 2
– Microsoft .NET Framework 3.5
– Windows 7 for 32-bit Systems:
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4.0
– Windows 7 for x64-based Systems:
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4.0
– Windows Server 2008 R2 for x64-based Systems
(Windows Server 2008 R2 Server Core installation affected):
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4.0
– Windows Server 2008 R2 for Itanium-based Systems
– Microsoft .NET Framework 3.5.1
– Microsoft .NET Framework 4.0
– Impact: Information Disclosure
– Version Number: 1.0

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2416728.

We recommend users to set Windows Update in Install updates automatically mode. So the important patches get applied automatically.

Anand Yadav

Anand Yadav


No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image