MS14-046: Vulnerability in the .NET Framework could allow security feature bypass: August 12, 2014

<html><body><p>Resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization (ASLR) security feature if a user goes to a specially crafted website.</p><h2></h2><div><br /><a href=“#appliestoproducts” target>View products that this article applies to.</a><span></span></div><h2>Introduction</h2><div>This update resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization (ASLR) security feature if a user goes to a specially crafted website.</div><h2>Summary</h2><div>Microsoft has released security bulletin MS14-046. Learn more about how to obtain the fixes that are included in this security bulletin: <ul><li>For individual, small business, and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see <a href=“http://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>Get security updates automatically</a> on the Microsoft Safety and Security Center website.<br /></li><li>For IT professionals, see <a href=“http://technet.microsoft.com/security/bulletin/ms14-046” target=“_self”>Microsoft Security Bulletin MS14-046</a> on the Security TechCenter website.</li></ul></div><h2></h2><div><h3>How to obtain help and support for this security update</h3>Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div><h2>More Information</h2><div><h4>More information about this update</h4>The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as download URL, prerequisites and command line switches. <br /><br /><br /><br /><h5>The Microsoft .NET Framework 3.5.1</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2943357”>2943357 </a> MS14-046: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: August 12, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2937610”>2937610 </a> MS14-046: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: August 12, 2014</li></ul><h5>The Microsoft .NET Framework 3.5</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2966828”>2966828 </a> MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 12, 2014<br /><br /><br /><br /><br /><br />Known issues in security update 2966828:<br /><ul><li>After you install security update <a href=“https://support.microsoft.com/help/2966828” target=“_self”>2966828</a> (described in Microsoft Security Bulletin <a href=“https://technet.microsoft.com/library/security/ms14-046” target=“_self”>MS14-046</a>) for the Microsoft .NET Framework 3.5, and then you try to enable the Microsoft .NET Framework 3.5 optional feature in <strong>Windows Features</strong> for the very first time, the feature may not install. You may notice this failure if you “stage” the installation before you add the Microsoft .NET Framework 3.5 feature. For more information about how to work around this issue, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/3002547”>3002547 </a> Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8, Windows Server 2012, Windows 8.1, or Windows Server 2012 R2 may fail after you install security update 2966827 or 2966828 </div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2966826”>2966826 </a> MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 12, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2966827”>2966827 </a> MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: August 12, 2014<br /><br /><br /><br />Known issues in security update 2966827:<br /><ul><li>After you install security update <a href=“https://support.microsoft.com/help/2966827” target=“_self”>2966827</a> (described in Microsoft Security Bulletin <a href=“https://technet.microsoft.com/library/security/ms14-046” target=“_self”>MS14-046</a>) for the Microsoft .NET Framework 3.5, and then you try to enable the Microsoft .NET Framework 3.5 optional feature in <strong>Windows Features</strong> for the very first time, the feature may not install. You may notice this failure if you “stage” the installation before you add the Microsoft .NET Framework 3.5 feature. For more information about how to work around this issue, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/3002547”>3002547 </a> Enabling the Microsoft .NET Framework 3.5 optional Windows feature on Windows 8, Windows Server 2012, Windows 8.1, or Windows Server 2012 R2 may fail after you install security update 2966827 or 2966828 </div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2966825”>2966825 </a> MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: August 12, 2014</li></ul><h5>The Microsoft .NET Framework 3.0</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2943344”>2943344 </a> MS14-046: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: August 12, 2014</li></ul><h5>The Microsoft .NET Framework 2.0</h5><ul><li><a href=“https://support.microsoft.com/en-us/help/2937608”>2937608 </a> MS14-046: Description of the security update for the .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: August 12, 2014</li></ul></div><h2></h2><div><h4>Update replacement information</h4>Update replacement information for each specific update can be found in the Microsoft Knowledge Base articles that correspond to this update.</div><h2></h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Windows6.0-KB980842-x64.msu</td><td>56CCB4131E94F0E4740AC65D54603AD9A2F32FDE</td><td>CC84E048D5B9A0F35F9FE981C1F0FCA67261D0C07B026B18B5626DE9ED97C6F1</td></tr><tr><td>Windows6.0-KB2937608-x86.msu</td><td>23446C961CA61E0C7ADBA32B459EE0863B5009CA</td><td>8E50A75C2611CA0F5A8A35891BA3915DDAD725782BA220EA91A74518C611A58A</td></tr><tr><td>Windows6.0-KB2901113-x86.msu</td><td>05617C64C3776658D625D3E99C398A87468C261B</td><td>B9298C5417E9E8F9E33CA0C18617EA90BA8FDB3BBE6912E6D6D0E3F8F7AABD3D</td></tr><tr><td>Windows6.0-KB980842-x86.msu</td><td>A6FC223B39B42789FF7A319AFEFF86DF2913D187</td><td>C41C2294AC8CEDE7308711183F8E0FA5BE9208ACBEEF5DB347BE6E0C8AF2E4AA</td></tr><tr><td>Windows6.0-KB2901113-ia64.msu</td><td>38B6F053764B77F556E7560DA376521000682A21</td><td>80742F7CB78A03841F1F66FBF584C9E792455B8B394795EFB5A03D60FEFE804F</td></tr><tr><td>Windows6.0-KB2901113-x64.msu</td><td>216A35BF2B5E7782B1480D5CDD9B647CB3B2243C</td><td>1E630D2EA29D4615F7A6E5D7352DDB8ED86112A1735E103D4361B05EEF3243CD</td></tr><tr><td>Windows6.0-KB2937608-ia64.msu</td><td>47B7AC276273BC21AADA6BF77CBF0B0A7D56D4C9</td><td>FA66FE7B5302A007AB209CF941DEBD91BF0E5AAC0C2E6FAB576FA772CBA807EC</td></tr><tr><td>Windows6.0-KB2937608-x64.msu</td><td>2B64C687F8A0DBDA4BA45652848697594E0DB089</td><td>7C2D1737F20812298EC82B203C148AE528AB7F72273452C73CAA3D28E67D2557</td></tr><tr><td>Windows6.0-KB980842-ia64.msu</td><td>2A2A67B37490C495E23B1EC709BACA49D06F0272</td><td>9494EDBFFE5DF90060C253C6E185DC2EE9739C144BCF1B25C2F42914078752EC</td></tr><tr><td>Windows6.1-KB2937610-ia64.msu</td><td>EDC8CC870280A43615F33F4CC8B80B5D19F9ECFE</td><td>32DADF17B8362C71E6C4A483E66243875B21F54653A7B287A447B4A59262EF14</td></tr><tr><td>Windows6.1-KB2943357-x64.msu</td><td>035199134A0E40F5EB6BF83B2781850DB5C84D81</td><td>34087D37A6BFAADF8627E35754621A82C4477C357AF2B4E2548E4592098B632C</td></tr><tr><td>Windows6.1-KB2943357-x86.msu</td><td>B4B1831A98CE4BF16DDA9E2432CF2EB1FE598CB7</td><td>C7B89E6DC4ED19726B0F606435FADD9BEFC87427D7A068F7808C9832B1BF7AA6</td></tr><tr><td>Windows6.1-KB2937610-x64.msu</td><td>4EADBBDE029E5D21EB46AAADA7B2BD012F211F6F</td><td>95BB3A42E98D5A3BB9EFBCCAE47C8A5CB0AAE65526EE44750258F4391154351B</td></tr><tr><td>Windows6.1-KB2937610-x86.msu</td><td>D90A5D24F180953737B45D7883B16347B00874D0</td><td>F4FDDE29D94F640F94C49B5A99BD1BAD9BC6E5E459C2B16B98AD03B83966681A</td></tr><tr><td>Windows6.1-KB2943357-ia64.msu</td><td>8F221DFD4E8251725B1D4CFAA551FA4E589CE9E5</td><td>22022769B68DCB8A1731DE069DA6137EFEA21FB2CCC948CCAA847842E52724FE</td></tr><tr><td>Windows8-RT-KB2966825-x64.msu</td><td>7DCFA04EC74B6976EB4EB8A9ACEA0DA40095F0F3</td><td>5C9ED6B1DDD1589FD431148C328AFE3EBA168FC30EFA8E6635A11741BCC209EB</td></tr><tr><td>Windows8-RT-KB2966827-x86.msu</td><td>F3E247F64C174DA25F263C35035AF532857F9165</td><td>1377BF8C675051B063E078A8DF71E93C8B1AF5149FB465260B8CAC2396923A92</td></tr><tr><td>Windows8-RT-KB2966825-x86.msu</td><td>13A4CAE84D8F9CE31F913EFD9C1C5724332FE22E</td><td>FBD36A2FF261BC1531C451A8E04C9E957387D02A49CF3E811C4B5D735765C18D</td></tr><tr><td>Windows8-RT-KB2966827-x64.msu</td><td>8507CB4A5D716DC4F07362BD5886D078962A9FE4</td><td>58174205C9856D43AADA12828463881DC1D0A2971F0DD3CB682AAC335D5EB4AD</td></tr><tr><td>Windows8.1-KB2966826-x86.msu</td><td>622403B94CBABA3E67E43E052BE4F4D92CFA34B3</td><td>6FF01C8A018183283296257E2E89CD67D322E146CC278D863C1471B28C72E7E0</td></tr><tr><td>Windows8.1-KB2966828-x64.msu</td><td>F31EBCFD6846F6F8685D8FC9F842C29A950A7EA0</td><td>9C7E8876CA24361D8F632033E3DF213A901A6124AF189EBDCDE28BDF22E68565</td></tr><tr><td>Windows8.1-KB2966828-x86.msu</td><td>B3026D534E05C6CD60A621FB2CEDACB312A54DE1</td><td>5DE7369D444F9ABCF9DA9886DA96797B3E4A7F301C3E7CE6E644D4DCF79CDF18</td></tr><tr><td>Windows8.1-KB2966826-x64.msu</td><td>72425C975269EFB37B5452E6E568406376915416</td><td>F8A03600F688088CF184C039AAAD61AB8465E44C767FA0ECF7A91F658E873182</td></tr></table></div></div><br /></span></div></div></div></div><h2></h2><div><a></a><br /><h3>Applies to</h3>This article applies to the following:<ul><li>Microsoft .NET Framework 3.5.1 when used with:<ul><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2 Service Pack 1</li></ul></li><li>Microsoft .NET Framework 3.5 when used with:<ul><li>Windows 8.1</li><li>Windows Server 2012 R2</li><li>Windows 8</li><li>Windows Server 2012</li></ul></li><li>Microsoft .NET Framework 3.0 Service Pack 2 when used with:<ul><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 2.0 Service Pack 2 when used with:<ul><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li></ul></li></ul></div></body></html>