Microsoft came ever-so-close to ending the year without a single unscheduled patch outside of its monthly Patch Tuesday routine, but in the end, three "Critical" vulnerabilities found in its .NET Framework prompted the Redmond software giant to take action immediately. Left unpatched, the flaws could allow for the elevation of privileges if an unauthenticated attacker sends a specially crafted Web request to the target site, Microsoft said.
"An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name," Microsoft explained in a security bulletin (MS11-100).
The update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5. Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Windows, including Windows 7.
On the plus side, we installed the updates on a Windows 7 machine and were not prompted to restart our PC.
|EVGA Tegra Note 7 NVIDIA Tegra 4...||126|
|IRS Whiffs On Windows XP Deadline, Will...||14|
|The NSA Denies Exploiting The Heartbleed...||14|
|Coincidence Or Accident? Microsoft...||12|
|Microsoft’s Windows 8.1 WIMBoot Lets You...||12|
|Microsoft Underscores Windows 8.1 Will...||10|
|Samsung Galaxy S5 Arrives With Beastly...||10|