Microsoft Security Bulletin MS15-118 - Important

Security Update for .NET Framework to Address Elevation of Privilege (3104507)

Published: November 10, 2015 | Updated: February 9, 2016

Version: 2.0

Executive Summary

This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.

This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, Microsoft .NET Framework 4.5.2, and Microsoft .NET Framework 4.6 on affected releases of Microsoft Windows. For more information, see the Affected Software section.

The security updates address the vulnerabilities by modifying how ASP.NET validates the value of an HTTP request, correcting how the .NET Framework parses certain specially crafted XML files, and helping to ensure that a .NET component properly implements the ASLR security feature. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability.

For more information about this update, see Microsoft Knowledge Base Article 3104507.

Affected Software and Vulnerability Severity Ratings

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the November bulletin summary.

Operating System | Component | .NET Information Disclosure Vulnerability - CVE-2015-6096 | .NET Elevation of Privilege Vulnerability - CVE-2015-6099 | .NET ASLR Bypass - CVE-2015-6115 | Updates Replaced
Windows Vista
Windows Vista Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 | Important Information Disclosure (3097988) | Not applicable | Important Security Feature Bypass (3097988) | 3097988 replaces 2979568 in MS14-057
Windows Vista Service Pack 2 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows Vista Service Pack 2 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3097996 replaces 2979578 in MS14-057; 3098781 replaces 2901126 in MS14-009
Windows Vista Service Pack 2 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 | Important Information Disclosure (3097988) | Not applicable | Important Security Feature Bypass (3097988) | 3097988 replaces 2979568 in MS14-057
Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3097996 replaces 2979578 in MS14-057; 3098781 replaces 2901126 in MS14-009
Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 | Important Information Disclosure (3097988) | Not applicable | Important Security Feature Bypass (3097988) | 3097988 replaces 2979568 in MS14-057
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3097996 replaces 2979578 in MS14-057; 3098781 replaces 2901126 in MS14-009
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 | Important Information Disclosure (3097988) | Not applicable | Important Security Feature Bypass (3097988) | 3097988 replaces 2979568 in MS14-057
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3097996 replaces 2979578 in MS14-057; 3098781 replaces 2901126 in MS14-009
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 | Important Information Disclosure (3097988) | Not applicable | Important Security Feature Bypass (3097988) | 3097988 replaces 2979568 in MS14-057
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows 7
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 | Important Information Disclosure (3097989) | Not applicable | Important Security Feature Bypass (3097989) | 3097989 replaces 2979570 in MS14-057
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3097996 replaces 2979578 in MS14-057; 3098781 replaces 2901126 in MS14-009
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 | Important Information Disclosure (3097989) | Not applicable | Important Security Feature Bypass (3097989) | 3097989 replaces 2979570 in MS14-057
Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3097996 replaces 2979578 in MS14-057; 3098781 replaces 2901126 in MS14-009
Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 | Important Information Disclosure (3097989) | Not applicable | Important Security Feature Bypass (3097989) | 3097989 replaces 2979570 in MS14-057
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3097996 replaces 2979578 in MS14-057; 3098781 replaces 2901126 in MS14-009
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 | Important Information Disclosure (3097989) | Not applicable | Important Security Feature Bypass (3097989) | 3097989 replaces 2979570 in MS14-057
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows 8 and Windows 8.1
Windows 8 for 32-bit Systems | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097991) | Not applicable | Important Security Feature Bypass (3097991) | 3097991 replaces 2979571 in MS14-057
Windows 8 for 32-bit Systems | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097995) | Important Elevation of Privilege (3098780) | Not applicable | 3098780 replaces 2901127 in MS14-009
Windows 8 for 32-bit Systems | Microsoft .NET Framework 4.6 | Important Information Disclosure (3097999) | Important Elevation of Privilege (3098784) | Not applicable | None
Windows 8 for x64-based Systems | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097991) | Not applicable | Important Security Feature Bypass (3097991) | 3097991 replaces 2979571 in MS14-057
Windows 8 for x64-based Systems | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097995) | Important Elevation of Privilege (3098780) | Not applicable | 3098780 replaces 2901127 in MS14-009
Windows 8 for x64-based Systems | Microsoft .NET Framework 4.6 | Important Information Disclosure (3097999) | Important Elevation of Privilege (3098784) | Not applicable | None
Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097992) | Not applicable | Important Security Feature Bypass (3097992) | 3097992 replaces 2979573 in MS14-057
Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.5.1/4.5.2 | Important Information Disclosure (3097997) | Important Elevation of Privilege (3098779) | Not applicable | 3097997 replaces 2979576 in MS14-057; 3098779 replaces 2901128 in MS14-009
Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098000) | Important Elevation of Privilege (3098785) | Not applicable | None
Windows 8.1 for x64-based Systems | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097992) | Not applicable | Important Security Feature Bypass (3097992) | 3097992 replaces 2979573 in MS14-057
Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.5.1/4.5.2 | Important Information Disclosure (3097997) | Important Elevation of Privilege (3098779) | Not applicable | 3097997 replaces 2979576 in MS14-057; 3098779 replaces 2901128 in MS14-009
Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098000) | Important Elevation of Privilege (3098785) | Not applicable | None
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097991) | Not applicable | Important Security Feature Bypass (3097991) | 3097991 replaces 2979571 in MS14-057
Windows Server 2012 | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097995) | Important Elevation of Privilege (3098780) | Not applicable | 3098780 replaces 2901127 in MS14-009
Windows Server 2012 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3097999) | Important Elevation of Privilege (3098784) | Not applicable | None
Windows Server 2012 R2 | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097992) | Not applicable | Important Security Feature Bypass (3097992) | 3097992 replaces 2979573 in MS14-057
Windows Server 2012 R2 | Microsoft .NET Framework 4.5.1/4.5.2 | Important Information Disclosure (3097997) | Important Elevation of Privilege (3098779) | Not applicable | 3097997 replaces 2979576 in MS14-057; 3098779 replaces 2901128 in MS14-009
Windows Server 2012 R2 | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098000) | Important Elevation of Privilege (3098785) | Not applicable | None
Windows RT and Windows RT 8.1
Windows RT | Microsoft .NET Framework 4.5/4.5.1/4.5.2[2] | Important Information Disclosure (3097995) | Important Elevation of Privilege (3098780) | Not applicable | None
Windows RT | Microsoft .NET Framework 4.6[2] | Important Information Disclosure (3097999) | Important Elevation of Privilege (3098784) | Not applicable | None
Windows RT 8.1 | Microsoft .NET Framework 4.5.1/4.5.2[2] | Important Information Disclosure (3097997) | Important Elevation of Privilege (3098779) | Not applicable | 3097997 replaces 2979576 in MS14-057; 3098779 replaces 2901128 in MS14-009
Windows RT 8.1 | Microsoft .NET Framework 4.6[2] | Important Information Disclosure (3098000) | Important Elevation of Privilege (3098785) | Not applicable | None
Windows 10
Windows 10 for 32-bit Systems[3] | Microsoft .NET Framework 3.5 | Important Information Disclosure (3105213) | Not applicable | Important Security Feature Bypass (3105213) | 3097617
Windows 10 for 32-bit Systems[3] | Microsoft .NET Framework 4.6 | Important Information Disclosure (3105213) | Important Elevation of Privilege (3105213) | Not applicable | 3097617
Windows 10 for x64-based Systems[3] | Microsoft .NET Framework 3.5 | Important Information Disclosure (3105213) | Not applicable | Important Security Feature Bypass (3105213) | 3097617
Windows 10 for x64-based Systems[3] | Microsoft .NET Framework 4.6 | Important Information Disclosure (3105213) | Important Elevation of Privilege (3105213) | Not applicable | 3097617
Server Core installation option
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 3.5.1 | Important Information Disclosure (3097989) | Not applicable | Important Security Feature Bypass (3097989) | 3097989 replaces 2979570 in MS14-057
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 4[1] | Important Information Disclosure (3097994) | Important Elevation of Privilege (3098778) | Not applicable | 3097994 replaces 2979575 in MS14-057; 3098778 replaces 2656351 in MS11-100 and 2901110 in MS14-009
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097996) | Important Elevation of Privilege (3098781) | Not applicable | 3098781 replaces 2901126 in MS14-009
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098001) | Important Elevation of Privilege (3098786) | Not applicable | None
Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097991) | Not applicable | Important Security Feature Bypass (3097991) | 3097991 replaces 2979571 in MS14-057
Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.5/4.5.1/4.5.2 | Important Information Disclosure (3097995) | Important Elevation of Privilege (3098780) | Not applicable | 3098780 replaces 2901127 in MS14-009
Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.6 | Important Information Disclosure (3097999) | Important Elevation of Privilege (3098784) | Not applicable | None
Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 3.5 | Important Information Disclosure (3097992) | Not applicable | Important Security Feature Bypass (3097992) | 3097992 replaces 2979573 in MS14-057
Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.5.1/4.5.2 | Important Information Disclosure (3097997) | Important Elevation of Privilege (3098779) | Not applicable | 3097997 replaces 2979576 in MS14-057; 3098779 replaces 2901128 in MS14-009
Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.6 | Important Information Disclosure (3098000) | Important Elevation of Privilege (3098785) | Not applicable | None

[1] .NET Framework 4 and .NET Framework 4 Client Profile affected.

[2] This update is available via Windows Update only.

Note Windows Server Technical Preview 3 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.

Update FAQ

How do I determine which version of Microsoft .NET Framework is installed?
You can install and run multiple versions of .NET Framework on a system, and you can install the versions in any order. For more information, see Microsoft Knowledge Base Article 318785.

What is the difference between .NET Framework 4 and .NET Framework 4 Client Profile?
The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4 and .NET Framework 4 Client Profile. The .NET Framework 4 Client Profile is a subset of the .NET Framework 4 profile that is optimized for client applications. It provides functionality for most client applications, including Windows Presentation Foundation (WPF), Windows Forms, Windows Communication Foundation (WCF), and ClickOnce features. This enables faster deployment and a smaller install package for applications that target the .NET Framework 4 Client Profile. For more information, see the MSDN article, .NET Framework Client Profile.

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Affected Software table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems.

Do I need to install these security updates in a particular sequence?
No. Multiple updates for a given system can be applied in any sequence.

Vulnerability Information

.NET Information Disclosure Vulnerability - CVE-2015-6096

An information disclosure vulnerability exists in the .NET Framework DTD parsing of certain specially crafted XML files. An attacker who successfully exploited this vulnerability could gain read access to local files on the target system.

To exploit this vulnerability, an attacker would need to convince a user to download and open a specially crafted application file. However, the attacker would have no way to force a user to download the file. The update addresses the vulnerability by correcting how the .NET Framework parses certain specially crafted XML files.

Microsoft received information about the vulnerability through coordinated vulnerability disclosure. At the time this security bulletin was originally issued, Microsoft was unaware of any attack attempting to exploit this vulnerability.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

.NET Elevation of Privilege Vulnerability - CVE-2015-6099

An elevation of privilege vulnerability exists when ASP.NET improperly validates values in HTTP requests, exposing users to a potential cross-site scripting (XSS) attack. An attacker who successfully exploited the vulnerability could leverage a vulnerable website to inject client-side script into a user’s browser and ultimately modify or spoof content, conduct phishing activities, disclose information, or perform any action on the vulnerable website that the target user has permission to perform.

To exploit this vulnerability, user interaction is required. In a web-browsing scenario a user would have to navigate to a compromised website. In an email attack scenario an attacker would have to convince a user who is logged on to a vulnerable server to click a specially crafted link in an email. The update addresses the vulnerability by modifying how ASP.NET validates the value of an HTTP request.

Microsoft received information about the vulnerability through coordinated vulnerability disclosure. At the time this security bulletin was originally issued, Microsoft was unaware of any attack attempting to exploit this vulnerability.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

The following workarounds may be helpful in your situation:

  • Remove requestPathInvalidCharacters key from web.config

    In order to work around this issue, administrators can remove the <httpRuntime requestPathInvalidCharacters="" /> non-default setting from web.config, or at least include “:” in the requestPathInvalidCharacters setting.

    How to undo the workaround:

    Restore the previously removed <httpRuntime requestPathInvalidCharacters="" /> line.
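
The following is an added example, not part of the bulletin and not Microsoft tooling: a Python audit that reads a web.config and reports every httpRuntime element whose requestPathInvalidCharacters override omits ":", which is the condition the workaround above targets. The sample configuration, the function names, and the "(site root)" label are constructed for illustration; elements that do not set the attribute are treated as using the framework default and are skipped.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the bulletin): one site-level
# override and three <location> scopes with different httpRuntime settings.
SAMPLE_WEB_CONFIG = r'''<configuration>
  <system.web>
    <httpRuntime targetFramework="4.5" requestPathInvalidCharacters="" />
  </system.web>
  <location path="api">
    <system.web>
      <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;" />
    </system.web>
  </location>
  <location path="files">
    <system.web>
      <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />
    </system.web>
  </location>
  <location path="static">
    <system.web>
      <httpRuntime maxRequestLength="4096" />
    </system.web>
  </location>
</configuration>'''


def _local(tag):
    """Strip an XML namespace such as '{uri}httpRuntime' down to 'httpRuntime'."""
    return tag.rsplit("}", 1)[-1]


def audit_web_config(xml_text):
    """Return one (scope, raw_value, blocks_colon) tuple for every
    <httpRuntime> element that overrides requestPathInvalidCharacters.

    Elements without the attribute keep the framework default and are skipped.
    """
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent = {child: p for p in root.iter() for child in p}
    results = []
    for elem in root.iter():
        if _local(elem.tag) != "httpRuntime":
            continue
        raw = elem.get("requestPathInvalidCharacters")
        if raw is None:
            continue
        # The setting is a comma-separated list of characters.
        chars = {c.strip() for c in raw.split(",") if c.strip()}
        # Walk up to the enclosing <location path="...">, if there is one.
        scope, node = "(site root)", elem
        while node in parent:
            node = parent[node]
            if _local(node.tag) == "location":
                scope = node.get("path") or "(site root)"
                break
        results.append((scope, raw, ":" in chars))
    return results


def needs_workaround(xml_text):
    """Scopes whose override does not list ':' as an invalid path character."""
    return [scope for scope, _raw, ok in audit_web_config(xml_text) if not ok]


if __name__ == "__main__":
    for scope, raw, ok in audit_web_config(SAMPLE_WEB_CONFIG):
        status = "ok" if ok else "':' missing - apply workaround"
        print(f"{scope}: requestPathInvalidCharacters={raw!r} -> {status}")
```

Each scope returned by needs_workaround is a place where the override should be removed or extended to include ":", as the workaround describes.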

.NET ASLR Bypass - CVE-2015-6115

A security feature bypass exists in a .NET Framework component that does not properly implement the Address Space Layout Randomization (ASLR) security feature, which protects users from a broad class of vulnerabilities. The ASLR bypass could allow an attacker to bypass the security feature and then load additional malicious code in an attempt to exploit another vulnerability. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

To exploit the ASLR bypass an attacker could host a specially crafted website (or leverage compromised websites or websites that accept or host potentially compromised user-provided content). An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince a user to do so. For example, an attacker could trick a user into clicking a link that takes the user to the compromised site. If the user is using a web browser that is capable of instantiating COM components, such as Internet Explorer, the affected .NET Framework component can be loaded to bypass the ASLR security feature. An attacker could then leverage the ASLR bypass to exploit an additional vulnerability, usually a remote code execution vulnerability. For example, a remote code execution vulnerability that is normally blocked by ASLR, could be exploited after a successful ASLR bypass. The update addresses the ASLR bypass by helping to ensure that the .NET component properly implements the ASLR security feature.

Microsoft received information about the vulnerability through coordinated vulnerability disclosure. At the time this security bulletin was originally issued, Microsoft was unaware of any attack attempting to exploit this vulnerability.

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Security Update Deployment

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.  

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (November 10, 2015): Bulletin published.
  • V2.0 (February 9, 2016): Revised bulletin to announce the re-release of update 3098785 to address known issues, discussed in Microsoft Knowledge Base Article 3118750, that customers who are running Windows 8.1, Windows RT, or Windows Server 2012 R2 may have experienced after installing .NET Framework 4.6 on a machine that already has a fully-updated version of .NET Framework 4.5.x. Microsoft recommends that customers scan for new updates to download, and install the re-released update 3098785. For more information see Microsoft Knowledge Base Article 3118750.

Page generated 2016-02-16 09:35-08:00.