Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB929916

Description of the security update for the .NET Framework 2.0 for Windows Vista: July 10, 2007

UpdatesDescription: A security issue has been identified that could allow an attacker to compromise your Windows-based system running the Microsoft .NET Framework and gain access to restricted data. You can help protect your computer by installing this update from Microsoft.

Update type: Important

Release date: July 10, 2007

Applies to: All versions

Knowledge base:

Download link: 32-bit | 64-bit

Comments: Though not specifically for the core of Vista, all Vista releases include IE7, so it is relevant. This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update addresses two vulnerabilities by modifying the way .NET Framework addresses buffer allocation. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Details also available in security bulletin MS07-040.


There is a download that resolves this issue. See Hotfixes for details. This issue is resolved in SP1.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB929916.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts


  • Bob

    Jul 11, 2007 at 9:49 am

    This update refuses to install on my WinXP Pro system, dying with an error code 0x64c when I try to install it with Microsoft Update.

    If I download the file from Microsoft Downloads directly and try to run it, it dies with “Unable to locate source code”. Discussions at the MS Windows Update forum seem to indicate some success with completely removing .NET 2.0 and reinstalling it, but it’s not worth the trouble for me. I’ll wait for MS to issue a patched patch.

    What I find upsetting about this group of flawed patches this month is that the Vista/Server 2008 beta testers were asked last month to try out 4 proposed updates to Vista, all of which have now been released, and there were no problems with any of them (the released versions were identical to the tested versions).

    The 3 problem patches this month were not among the tested patches.

  • Joe

    Jul 13, 2007 at 8:41 am

    Looks like there is a 1.1 update:
    V1.1 (July 12, 2007): Bulletin updated: Corrected Windows Vista severity rating in the “Affected Software� table to Important. Corrected several instances in the file manifest tables incorrectly referencing a version of Mscordacwks.dll that is not installed on the system. Added an additional FAQ explaining why customers installing .NET Framework 3.0 should update .NET Framework 2.0 on their system. Added an additional FAQ for ASP.NET Web application developers.

    Grab the update from the same links above and hopefully this time it will work for you!

  • S J Park

    Jul 22, 2007 at 11:22 am

    Where do you download replacements?

Leave a Comment