Microsoft came ever-so-close to ending the year without a single unscheduled patch outside of its monthly Patch Tuesday routine, but in the end, three "Critical" vulnerabilities found in its .NET Framework prompted the Redmond software giant to take action immediately. Left unpatched, the flaws could allow for the elevation of privileges if an unauthenticated attacker sends a specially crafted Web request to the target site, Microsoft said.
"An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name," Microsoft explained in a security bulletin (MS11-100).
The update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5. Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Windows, including Windows 7.
On the plus side, we installed the updates on a Windows 7 machine and were not prompted to restart our PC.
|Intel Core i7-3970X Sandy Bridge-E CPU...||9|
|California Teen's Supercapacitor...||7|
|Nintendo Demanding Copyright Royalties...||7|
|Bill Gates Once Again World's Wealthiest...||6|
|IT Departments Resist Deploying Windows...||5|
|Google Glass Creeping Out Friends and...||5|
|Archos Hits The $200 Spot With 8-Inch 80...||5|