Microsoft Ends Year With First Emergency Patch

Microsoft (NSDQ:MSFT) Thursday released its first emergency patch (work around) of the year to fix a critical vulnerability that would make it relatively easy to take down a Web site built with the company's ASP.NET application framework. Microsoft determined that the flaw was serious enough to warrant a fix outside the company's normal release schedule of the second Tuesday of each month. The latest patch, the first out-of-cycle fix this year, brought the number of security bulletins issued in 2011 to 100, compared to 106 last year.

Microsoft released a workaround for the flaw on Wednesday, as a stopgap measure until a permanent fix was available. An attacker could exploit the vulnerability to take down a site by consuming all CPU resources on a Web server or cluster of servers. To do that, the hacker would only need to send a series of specially crafted, 100 KB HTTP requests. Because of the flaw, each request would consume 100 percent of one CPU core.

 

Operating System Component Maximum Security Impact Aggregate Severity Rating Bulletins Replaced by this Update
Windows XP        
Windows XP Service Pack 3 Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2418241 in MS10-070 and KB982167 in Security Advisory 973811 replaced by KB2656352
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656352)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2418241 in MS10-070 and KB982167 in 973811 replaced by KB2656352
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656352)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Server 2003        
Windows Server 2003 Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2416451 in MS10-070 replaced by KB2656358
  (KB2656358)      
        KB2418241 in MS10-070 and KB982167 in Security Advisory 973811 replaced by KB2656352
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656352)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2418241 in MS10-070 and KB982167 in 973811 replaced by KB2656352
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656352)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2418241 in MS10-070 and KB982167 in Security Advisory 973811 replaced by KB2656352
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656352)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Vista        
Windows Vista Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2416470 in MS10-070 and KB982533 in Security Advisory 973811 replaced by KB2656362
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656362)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2416470 in MS10-070 and KB982533 in 973811 replaced by KB2656362
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656362)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Server 2008        
Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1** Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2416470 in MS10-070 and KB982533 in Security Advisory 973811 replaced by KB2656362
  Microsoft .NET Framework 2.0 Service Pack 2**      
  (KB2656362)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1**     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4**[1]      
  (KB2656351)      
Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1** Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2416470 in MS10-070 and KB982533 in Security Advisory 973811 replaced by KB2656362
  Microsoft .NET Framework 2.0 Service Pack 2**      
  (KB2656362)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1**     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4**[1]      
  (KB2656351)      
Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1 Elevation of Privilege Critical KB2572067 in MS11-078 replaced by KB2656353
  (KB2656353)      
        KB2416470 in MS10-070 and KB982533 in 973811 replaced by KB2656362
  Microsoft .NET Framework 2.0 Service Pack 2      
  (KB2656362)     KB2416473 in MS10-070 replaced by KB2657424
         
  Microsoft .NET Framework 3.5 Service Pack 1     KB2416472 in MS10-070 replaced by KB2656351
  (KB2657424)      
         
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows 7        
Windows 7 for 32-bit Systems Microsoft .NET Framework 3.5.1 Elevation of Privilege Critical KB2416471 in MS10-070 replaced by KB2656355
  (KB2656355)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1 Elevation of Privilege Critical No bulletin replaced by KB2656356
  (KB2656356)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows 7 for x64-based Systems Microsoft .NET Framework 3.5.1 Elevation of Privilege Critical KB2416471 in MS10-070 replaced by KB2656355
  (KB2656355)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 Elevation of Privilege Critical No bulletin replaced by KB2656356
  (KB2656356)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Server 2008 R2        
Windows Server 2008 R2 for x64-based Systems Microsoft .NET Framework 3.5.1* Elevation of Privilege Critical KB2416471 in MS10-070 replaced by KB2656355
  (KB2656355)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1* Elevation of Privilege Critical No bulletin replaced by KB2656356
  (KB2656356)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4*[1]      
  (KB2656351)      
Windows Server 2008 R2 for Itanium-based Systems Microsoft .NET Framework 3.5.1 Elevation of Privilege Critical KB2416471 in MS10-070 replaced by KB2656355
  (KB2656355)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 Elevation of Privilege Critical No bulletin replaced by KB2656356
  (KB2656356)      
        KB2416472 in MS10-070 replaced by KB2656351
  Microsoft .NET Framework 4[1]      
  (KB2656351)      
         

Read More - Click Here!