Start
About
FAQ
Blogroll
ShopDescription of the security update for the .NET Framework 2.0 for Windows Vista: July 10, 2007
Description: A security issue has been identified that could allow an attacker to compromise your Windows-based system running the Microsoft .NET Framework and gain access to restricted data. You can help protect your computer by installing this update from Microsoft.
Update type: Important
Release date: July 10, 2007
Applies to: All versions
Knowledge base: support.microsoft.com/kb/929916
Download link: 32-bit | 64-bit
Comments: Though not specifically for the core of Vista, all Vista releases include IE7, so it is relevant. This update resolves three privately reported vulnerabilities. Two of these vulnerabilities could allow remote code execution on client systems with .NET Framework installed, and one could allow information disclosure on Web servers running ASP.NET. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update addresses two vulnerabilities by modifying the way .NET Framework addresses buffer allocation. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Details also available in security bulletin MS07-040.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB929916.
Digg
Mixx
Propeller
Slashdot
Stumble
Tips and Tricks
Windows Updates
Hotfixes
Keyboard Shortcuts
Vista's Services
Vista's Commands
Product Reviews
Glossary
Videos
Web Links
Comments
Bob
Jul 11, 2007 at 9:49 am
This update refuses to install on my WinXP Pro system, dying with an error code 0×64c when I try to install it with Microsoft Update.
If I download the file from Microsoft Downloads directly and try to run it, it dies with “Unable to locate source code”. Discussions at the MS Windows Update forum seem to indicate some success with completely removing .NET 2.0 and reinstalling it, but it’s not worth the trouble for me. I’ll wait for MS to issue a patched patch.
What I find upsetting about this group of flawed patches this month is that the Vista/Server 2008 beta testers were asked last month to try out 4 proposed updates to Vista, all of which have now been released, and there were no problems with any of them (the released versions were identical to the tested versions).
The 3 problem patches this month were not among the tested patches.
Joe
Jul 13, 2007 at 8:41 am
Looks like there is a 1.1 update:
V1.1 (July 12, 2007): Bulletin updated: Corrected Windows Vista severity rating in the “Affected Software� table to Important. Corrected several instances in the file manifest tables incorrectly referencing a version of Mscordacwks.dll that is not installed on the system. Added an additional FAQ explaining why customers installing .NET Framework 3.0 should update .NET Framework 2.0 on their system. Added an additional FAQ for ASP.NET Web application developers.
Grab the update from the same links above and hopefully this time it will work for you!
S J Park
Jul 22, 2007 at 11:22 am
Where do you download replacements?
Leave a Comment