MS14-026: Vulnerability in the .NET Framework could allow elevation of privilege: May 13, 2014

<html><body><p>Resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege if an unauthenticated attacker sends specially crafted data to an affected workstation or server that has the .NET Framework Remoting feature enabled.</p><h2></h2><div><br /><a href=“#appliestoproducts” target>View products that this article applies to.</a><span></span></div><h2>Introduction</h2><div>This update resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege if an unauthenticated attacker sends specially crafted data to an affected workstation or server that has the .NET Framework Remoting feature enabled.</div><h2>Summary</h2><div>Microsoft has released security bulletin MS14-026. Learn more about how to obtain the fixes that are included in this security bulletin: <ul><li>For individual, small business, and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see <a href=“http://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>Get security updates automatically</a> on the Microsoft Safety and Security Center website.<br /></li><li>For IT professionals, see <a href=“http://technet.microsoft.com/security/bulletin/ms14-026” target=“_self”>Microsoft Security Bulletin MS14-026</a> on the Security TechCenter website.</li></ul></div><h2></h2><div><h3>How to obtain help and support for this security update</h3>Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div><h2>More Information</h2><div><h4>Additional information about this update</h4>The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as the download URL, prerequisites, and command-line switches. <h5>Microsoft .NET Framework 4.5.1</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2931366”>2931366 </a> MS14-026: Description of the security update for the .NET Framework 4.5.1 on Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2: May 13, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2931367”>2931367 </a> MS14-026: Description of the security update for the .NET Framework 4.5.1 on Windows 8, Windows RT, and Windows Server 2012: May13, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2931368”>2931368 </a> MS14-026: Description of the security update for the .NET Framework 4.5.1 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 13, 2014</li></ul><h5>Microsoft .NET Framework 4</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2931365”>2931365 </a> MS14-026: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2: May 13, 2014</li></ul><h5>Microsoft .NET Framework 3.5.1</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2931356”>2931356 </a> MS14-026: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 13, 2014</li></ul><h5>Microsoft .NET Framework 3.5</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2931358”>2931358 </a> MS14-026: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: May 13, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2931357”>2931357 </a> MS14-026: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: May 13, 2014</li></ul><h5>Microsoft .NET Framework 2.0</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2931354”>2931354 </a> MS14-026: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 13, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2932079”>2932079 </a> MS14-026: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003: May 13, 2014</li></ul><h5>Microsoft .NET Framework 1.1</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2931352”>2931352 </a> MS14-026: Description of the security update for the .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack 2 32-bit Edition: May 13, 2014</li></ul></div><h2></h2><div><h4>Update replacement information</h4>Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.</div><h2></h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>MSIPatchRegFix-AMD64.exe</td><td>5011CB29B096FB674A4795EE8FC2F7FDAD33863A</td><td>BA62C33DD90ECC3C945AE4F52EEEB2FA07D2C53FB975263B483D09D80F02230D</td></tr><tr><td>MSIPatchRegFix-IA64.exe</td><td>CB861EAF1F4CDFFAD5F83604C7250CD9EDD96433</td><td>61867793FC7556B79E5833CC18F493A5611EDE94E0D944575E89BAA76B223A0D</td></tr><tr><td>MSIPatchRegFix-X86.exe</td><td>94A84B80B8B45A1AC53A0E5D085513DA0F099655</td><td>C83C5EE1D4FBFF5260A7D984471EAF4C6004431C21B4F661018BDB92CC124290</td></tr><tr><td>NDP20SP2-KB2932079-IA64.exe</td><td>DE13A43C8D287AADEC0667648D195D7B744A4E53</td><td>F12A1488D353232948FFD988CD6354034151EDD902EDDB8A322796CBFDE48831</td></tr><tr><td>NDP20SP2-KB2932079-x64.exe</td><td>63C71D72B00130F231B3F6CFF172A48C274B0B6E</td><td>35C99F63B8EDC985D893005216D690E53858C450B5B131E404E0B6D6B270CBC6</td></tr><tr><td>NDP20SP2-KB2932079-x86.exe</td><td>62D2A448718D1A1343055D53EB722E8C72AAFAEB</td><td>AC380F0F740F60FF7F6DDC061686ADB7ED1D4135BBDF219785A3B3D546276051</td></tr><tr><td>NDP40-KB2931365-IA64.exe</td><td>61A95BD8A850AAA99F42AF443C1D3AF13CDE44D8</td><td>2970C99CF2AF361E48378523F2B5578ABC9AD862854DF7436DA1C67E8757F799</td></tr><tr><td>NDP40-KB2931365-x64.exe</td><td>55935131495A53550A7C73313F72D390D1649EB2</td><td>248ACD54905A1DF8414676D4C82F938F2156F551780DC244ECB7AE700E2C0A1B</td></tr><tr><td>NDP40-KB2931365-x86.exe</td><td>99D59CFC6E59F2C5D406B61F06172DCA0A89286D</td><td>DA9095E359DC431E8556F36B72B3043EA597A67337376891C7A03A66016E3662</td></tr><tr><td>NDP45-KB2931368-x64.exe</td><td>D31C1D741290E739E80935DDED951D5114A57834</td><td>9E012A20B272F6721D28E27CDAD6C2DED1F9AEB1BB6952F01578744C3CE4107D</td></tr><tr><td>NDP45-KB2931368-x86.exe</td><td>9CD071274568556D4D6B03BD524C132FB445BE7D</td><td>6C80702F0313B83267CD0A88CD34F865F6D901A90C82385F978CC5B0568423F3</td></tr><tr><td>Windows6.0-KB2931354-ia64.msu</td><td>2ABB94798F479BACEF7D253A07C2A961F773DD02</td><td>28D24738E31C20D0C8680D3BB916CFE41B007BB9E7E70042C9D767EC4888FF18</td></tr><tr><td>Windows6.0-KB2931354-x64.msu</td><td>C3647BC4D977FBD46B6A84771DA5629FB1785412</td><td>B160CCA079C2443FD8AE28D434CD48911BD5934BD85E5B00D01AB9C181427D85</td></tr><tr><td>Windows6.0-KB2931354-x86.msu</td><td>33CE425CCC2DFBC6628213845EA92E1C43FE1BAD</td><td>D01F544F475D63941141C87CC058A0851C40647458BC6CE506E1298B0DB0A012</td></tr><tr><td>Windows6.0-KB980842-ia64.msu</td><td>2A2A67B37490C495E23B1EC709BACA49D06F0272</td><td>9494EDBFFE5DF90060C253C6E185DC2EE9739C144BCF1B25C2F42914078752EC</td></tr><tr><td>Windows6.0-KB980842-x64.msu</td><td>56CCB4131E94F0E4740AC65D54603AD9A2F32FDE</td><td>CC84E048D5B9A0F35F9FE981C1F0FCA67261D0C07B026B18B5626DE9ED97C6F1</td></tr><tr><td>Windows6.0-KB980842-x86.msu</td><td>A6FC223B39B42789FF7A319AFEFF86DF2913D187</td><td>C41C2294AC8CEDE7308711183F8E0FA5BE9208ACBEEF5DB347BE6E0C8AF2E4AA</td></tr><tr><td>Windows6.1-KB2931356-ia64.msu</td><td>EC1D0AA88EAE50192526B8A930E5B914C1A3B1BD</td><td>88C4BBD11638C231E3F9AF24E18B94A09588EAFC2890B083EF004C9E6773CC91</td></tr><tr><td>Windows6.1-KB2931356-x64.msu</td><td>653280975C830364B9EF78DB4140AD08CE551C4B</td><td>B1D4E3C26A6566CF2B4230D09A6C58CE8214E1DA09EFA8C60366B11E45494B4E</td></tr><tr><td>Windows6.1-KB2931356-x86.msu</td><td>63227724E483CCF74C3758070282F5506176E937</td><td>6F1DBC16AA119B460A00128166F5E7497F26FF8F9A1F304E7C18623413F08A31</td></tr><tr><td>Windows8-RT-KB2931357-x64.msu</td><td>5ADB977EC58E79EFC4C9454E309D9825D1D067D3</td><td>A8AF536CA9BEE9A0A6E83DE76E6F645EFE6C7B6894087F562DAB97C7D766F26B</td></tr><tr><td>Windows8-RT-KB2931357-x86.msu</td><td>3E3512E979F19630C97A6F0073326D83F5B2791D</td><td>674033B5A696A722C094951C6A6EB22AF7F5C8A773D0BE446CFDA1C739E1B7C7</td></tr><tr><td>Windows8-RT-KB2931367-x64.msu</td><td>3BF8F48AC3FC04189D5B917A8366D5A1C5A3BDB8</td><td>1839A541373317D8E5953886A908DD30F3A461BEE70C7C424C62D6744E08B614</td></tr><tr><td>Windows8-RT-KB2931367-x86.msu</td><td>9CC2450F601E0642EE2700744EF186514764D21A</td><td>9AE644E468DD3601A53F511FF69A130D0638A16F667D11F88CED2ECB8905E43B</td></tr><tr><td>Windows8.1-KB2931358-x64.msu</td><td>DF3D6DE1A965959749812A0FD99DBB72395436F1</td><td>3F0496CD1E0F0A64EE5052A4C89653FD169E991837B7986D5AF792BEE4ECB9C6</td></tr><tr><td>Windows8.1-KB2931358-x86.msu</td><td>52F84EAC6153DDAB557AB852DE6DDCF2B3777186</td><td>BC598BB127D3B045657F42E883D145FEE5C86BC8813AA02BAB5FA7BAA4D0BA96</td></tr><tr><td>Windows8.1-KB2931366-x64.msu</td><td>237DC72F2EA349B9B666D84F1B4AB8AC94BE206B</td><td>2FBEBEC8AB01A53C14F7D39EB16BCADDBB3D4596B1ED50A63F5F963A9381E2FC</td></tr><tr><td>Windows8.1-KB2931366-x86.msu</td><td>17142E8CC567BF54932085F31491783BCD7F21BF</td><td>1C014A846C226B04EC1EE0C07882FBDD6D8FC71456870F66ADBA436189F82CDD</td></tr><tr><td>WindowsServer2003-KB2931352-x86-CHS.exe</td><td>50316913FA961C35DB113E9DDA73762D2CB15DB4</td><td>89746AA42EB1959EA57DD490C5F0A3C191C2A900E752C313A43E22FBD153075F</td></tr><tr><td>WindowsServer2003-KB2931352-x86-CHT.exe</td><td>F3A6C60317C4959C755C84E929D2634D1A3A6BAD</td><td>CC70A6F9C8736E360BE7D48B13B7CCE30F27A6C2FE4A41EBE5BCD88C22B7A2BD</td></tr><tr><td>WindowsServer2003-KB2931352-x86-CSY.exe</td><td>DB3E79C01B8611548691C7D64426196F06EB2C82</td><td>BB557697C34532F6F1273A48EC147C99F1159EFABB58214DED182B833312AF29</td></tr><tr><td>WindowsServer2003-KB2931352-x86-DEU.exe</td><td>91DC458C93B36F5560A2532F1B589E18E6502843</td><td>337841DBBAFAF788FBEFED491FA8C2935F913CBC6B185879A12231914A3669DE</td></tr><tr><td>WindowsServer2003-KB2931352-x86-ENU.exe</td><td>9969E5AD4E5E1D6D31BE0B01C24BFB0E9BDCA7E5</td><td>CD11A50FBAD32FF2C8E438FE6E5731FE75E8A70ECB9D953756FB3F2AC8322148</td></tr><tr><td>WindowsServer2003-KB2931352-x86-ESN.exe</td><td>6897FF33B7A87E6B0ECD07DB74B394CB62372D2C</td><td>FCA04C3DDD4DE2F51D5AAE71DB554E7DE098E39D70AA64CCFAEC24D9136C8EF1</td></tr><tr><td>WindowsServer2003-KB2931352-x86-FRA.exe</td><td>044D00EA4A677DC7D9B2061AC98718EF749E9A03</td><td>8827CB25364B3395DAD6330511204B2C3094AA62B3469807AA141A7FEEC06E9C</td></tr><tr><td>WindowsServer2003-KB2931352-x86-HUN.exe</td><td>86FF4F4AFB94EB92B67DE13E67B2E9C02A4B91CD</td><td>CAFC602471F9ACB3ECB8A35ED0288F3439C4E612DBB36DC515E1264B1A79F3C5</td></tr><tr><td>WindowsServer2003-KB2931352-x86-ITA.exe</td><td>33A7DF448697CFB1C561B876DA209A2E17C19AA2</td><td>976C9C565DEC4A755E87255754C20ADB454B088565874A9488B0AC3C7933E427</td></tr><tr><td>WindowsServer2003-KB2931352-x86-JPN.exe</td><td>CEADD820FD71674AF0F0300959CEDE6F405F705D</td><td>4FF42E31D9A6F608874676843EE969B33A78333754BBB2CEEE9B673EC40BC747</td></tr><tr><td>WindowsServer2003-KB2931352-x86-KOR.exe</td><td>F2EB3F125E897D691DC720CE04E98FD033189BC3</td><td>727B3FF6C2FFFCA3B62786DFB674CBE2D17FAEC2C705B32E21518C7C4937D180</td></tr><tr><td>WindowsServer2003-KB2931352-x86-NLD.exe</td><td>9C497FF70844FC4B23F58A7A620880E12460A829</td><td>831F41F0863642AEA38C2EDF0013129963BCE211F6138F2FF0DB97388B8B9FFB</td></tr><tr><td>WindowsServer2003-KB2931352-x86-PLK.exe</td><td>5BA1250073581E3582DAEE61867BC6A055963B92</td><td>A13EEF093E77633B16FC4FB50884B22DE688CB13AFD9BC4A07988291C7CF2658</td></tr><tr><td>WindowsServer2003-KB2931352-x86-PTB.exe</td><td>F710B583D7A099F7B4EA10E2F4FCB010011636C2</td><td>BBF257A8C4B4F248743CE788D310FEED204822FF785956F87AF919D13A969873</td></tr><tr><td>WindowsServer2003-KB2931352-x86-PTG.exe</td><td>D63754EE86F1A7C03F02A0A89474E225AEA7E9DE</td><td>E5F29B23BBF511D2145161653201408AF310D56DF2ECF384939EC90FEC6D46CA</td></tr><tr><td>WindowsServer2003-KB2931352-x86-RUS.exe</td><td>5B6C71A22BF8AC4F12B79A59E1666A36299BCEE6</td><td>AE766C188299247581AA27D753150AA05C5772180AD4CA374A57BA5A15B635BE</td></tr><tr><td>WindowsServer2003-KB2931352-x86-SVE.exe</td><td>EEEC9CAFF7D1FF8D1695D641075DF53529E1FE3F</td><td>656DB9A33B6978D9E66FA48755CE9799696CB5A4A28C78E2CAC69FC679A360A9</td></tr><tr><td>WindowsServer2003-KB2931352-x86-TRK.exe</td><td>01987AFD0922684AE8C7749C6FEF680C5E9FF6A3</td><td>DBF280866DCDFD02A370B813333052DA0D2179BEEFF8D9964FAFD1BFAF45AE01</td></tr></table></div></div><br /></span></div></div></div></div><h2></h2><div><a></a><br /><h3>Applies to</h3>This article applies to the following:<ul><li>Microsoft .NET Framework 4.5.1 when used with:<ul><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2012 R2</li><li>Windows 8</li><li>Windows RT</li><li>Windows Server 2012</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 4.5 when used with:<ul><li>Windows 8.1</li><li>Windows RT 8.1</li><li>Windows Server 2012 R2</li><li>Windows 8</li><li>Windows RT</li><li>Windows Server 2012</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 4 when used with:<ul><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Windows XP Service Pack 3</li><li>Windows Server 2003 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 3.5.1 when used with:<ul><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2 Service Pack 1</li></ul></li><li>Microsoft .NET Framework 3.5 when used with:<ul><li>Windows 8.1</li><li>Windows Server 2012 R2</li><li>Windows 8</li><li>Windows Server 2012</li></ul></li><li>Microsoft .NET Framework 2.0 Service Pack 2 when used with:<ul><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Windows XP Service Pack 3</li><li>Windows Server 2003 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 1.1 Service Pack 1 when used with:<ul><li>Windows Server 2003 Service Pack 2</li></ul></li></ul></div></body></html>