Revision Note: V2.0 (September 9, 2014): Advisory rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this advisory was originally released.
Summary: Microsoft is announcing the availability of an update for Microsoft ASP.NET to address a vulnerability in ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings. The vulnerability could allow elevation of privilege and affects all supported versions of Microsoft .NET Framework except .NET Framework 3.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1.
2905247 – Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege – Version: 2.0
Prev
0
2915720 – Changes in Windows Authenticode Signature Verification – Version: 1.4
29 July 2014
Next
0
2977292 – Update for Microsoft EAP Implementation that Enables the Use of TLS – Version: 1.0
14 October 2014