(MS14-053) Vulnerability in .NET Framework Could Allow Denial of Service (2990931)

• Email
• Facebook
• Twitter
• Google+
• Linkedin

  Severity: HIGH

  CVE Identifier: CVE-2014-4072

  Advisory Date: OCT 30, 2014

---

  DESCRIPTION

This security update addresses a vulnerability found in Microsoft .NET Framework. Once exploited successfully, it can allow denial of service via specially crafted requests to an affected .NET-enabled website.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

  SOLUTION

  PATCH: https://technet.microsoft.com/library/security/MS14-053

  AFFECTED SOFTWARE AND VERSION

• Microsoft .NET Framework 1.1 Service Pack 1
• Microsoft .NET Framework 2.0 Service Pack 2
• Microsoft .NET Framework 4.5
• Microsoft .NET Framework 4.5.1
• Microsoft .NET Framework 4.5.2
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.0 Service Pack 2
• Microsoft .NET Framework 4
• Microsoft .NET Framework 3.5.1

Related Vulnerability

• September 2014 - Microsoft Releases 4 Security Advisories