The .NET team released a security bulletin today as part of the monthly “patch Tuesday” cycle.
This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow elevation of privilege if an attacker sends specially crafted data to an affected workstation or server that uses .NET Remoting. Only custom applications that have been specifically designed to use .NET Remoting would expose a system to the vulnerability. While this patch fixes this service, there is a call for action for developers using .NET Remoting to take immediate action to ensure their applications are secure. Further details about this topic are covered in this security blog post.
This security update is rated Important for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, and Microsoft .NET Framework 4.5.2 on affected releases of Microsoft Windows.
More details about the versions affected by this vulnerability can be found in the security bulletin MS14-072.
How to obtain help and support for this security update
- Help installing updates: Support for Microsoft Update
- Security solutions for IT professionals: TechNet Security Troubleshooting and Support
- Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
- Local support according to your country: International Support