LANDesk Patch News Bulletin: Microsoft has Relesed KB2905247 to Address a Vulnerability in the NET Framework 12-DEC-2013

Version 1

    LANDesk Security and Patch News



    • (December 12, 2013) Microsoft has released KB2905247. This update resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege on a server system if a user views a specially crafted webpage by using a web browser that can run ASP.NET applications.
    • Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1.
    • Any ASP.NET site for which view state MAC has become disabled through configuration settings is vulnerable to attack. An attacker who successfully exploited the vulnerability could use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Microsoft is aware of general information available publicly that could be used to exploit this vulnerability, but is not aware of any active attacks.
    • Please visit the following page for more details,



    New Vulnerabilities

    • Vulnerability ID – 2905247
    • Vulnerability ID – 2905247_MSU
    • Vulnerability ID – 2905247_INTL


    Changed Vulnerabilities

    • Vulnerability ID – N/A


    New Patch Downloads

    • ndp20sp2-kb2894843-x64.exe
    • ndp20sp2-kb2894843-x86.exe
    • ndp40-kb2894842-x64.exe
    • ndp40-kb2894842-x86.exe
    • ndp45-kb2894849-x64.exe
    • ndp45-kb2894849-x86.exe
    • ndp45-kb2894854-x64.exe
    • ndp45-kb2894854-x86.exe
    • windows6.0-kb2894847-x86.msu
    • windows6.0-kb2894847-x64.msu
    • windows6.1-kb2894844-x86.msu
    • windows6.1-kb2894844-x64.msu
    • windows8-rt-kb2894855-x86.msu
    • windows8-rt-kb2894851-x86.msu
    • windows8-rt-kb2894850-x86.msu
    • windows8-rt-kb2894855-x64.msu
    • windows8-rt-kb2894851-x64.msu
    • windows8-rt-kb2894850-x64.msu
    • windows8.1-kb2894856-x86.msu
    • windows8.1-kb2894852-x86.msu
    • windows8.1-kb2894856-x64.msu
    • windows8.1-kb2894852-x64.msu
    • windowsserver2003-kb2894845-x86-enu.exe


    Where to Send Feedback

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.


    Best regards,

    LANDesk Product Support


    Copyright © 2013 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.


    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit