LANDesk Security and Patch News
- (December 12, 2013) Microsoft has released KB2905247. This update resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege on a server system if a user views a specially crafted webpage by using a web browser that can run ASP.NET applications.
- Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1.
- Any ASP.NET site for which view state MAC has become disabled through configuration settings is vulnerable to attack. An attacker who successfully exploited the vulnerability could use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Microsoft is aware of general information available publicly that could be used to exploit this vulnerability, but is not aware of any active attacks.
- Please visit the following page for more details, http://support.microsoft.com/kb/2905247
- Vulnerability ID – 2905247
- Vulnerability ID – 2905247_MSU
- Vulnerability ID – 2905247_INTL
- Vulnerability ID – N/A
New Patch Downloads
Where to Send Feedback
LANDesk Product Support
Copyright © 2013 LANDesk Software. All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.