Microsoft Ends Year With First Emergency Patch
Microsoft (NSDQ:MSFT) Thursday released its first emergency patch (work around) of the year to fix a critical vulnerability that would make it relatively easy to take down a Web site built with the company's ASP.NET application framework. Microsoft determined that the flaw was serious enough to warrant a fix outside the company's normal release schedule of the second Tuesday of each month. The latest patch, the first out-of-cycle fix this year, brought the number of security bulletins issued in 2011 to 100, compared to 106 last year.
Microsoft released a workaround for the flaw on Wednesday, as a stopgap measure until a permanent fix was available. An attacker could exploit the vulnerability to take down a site by consuming all CPU resources on a Web server or cluster of servers. To do that, the hacker would only need to send a series of specially crafted, 100 KB HTTP requests. Because of the flaw, each request would consume 100 percent of one CPU core.
Â
| Operating System | Component | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by this Update |
| Windows XP | Â | Â | Â | Â |
| Windows XP Service Pack 3 | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2418241 in MS10-070 and KB982167 in Security Advisory 973811 replaced by KB2656352 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656352) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows XP Professional x64 Edition Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2418241 in MS10-070 and KB982167 in 973811 replaced by KB2656352 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656352) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2003 | Â | Â | Â | Â |
| Windows Server 2003 Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2416451 in MS10-070 replaced by KB2656358 |
| Â | (KB2656358) | Â | Â | Â |
| Â | Â | Â | Â | KB2418241 in MS10-070 and KB982167 in Security Advisory 973811 replaced by KB2656352 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656352) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2003 x64 Edition Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2418241 in MS10-070 and KB982167 in 973811 replaced by KB2656352 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656352) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2003 with SP2 for Itanium-based Systems | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2418241 in MS10-070 and KB982167 in Security Advisory 973811 replaced by KB2656352 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656352) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Vista | Â | Â | Â | Â |
| Windows Vista Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2416470 in MS10-070 and KB982533 in Security Advisory 973811 replaced by KB2656362 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656362) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2416470 in MS10-070 and KB982533 in 973811 replaced by KB2656362 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656362) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2008 | Â | Â | Â | Â |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1** | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2416470 in MS10-070 and KB982533 in Security Advisory 973811 replaced by KB2656362 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2** | Â | Â | Â |
| Â | (KB2656362) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1** | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4**[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1** | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2416470 in MS10-070 and KB982533 in Security Advisory 973811 replaced by KB2656362 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2** | Â | Â | Â |
| Â | (KB2656362) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1** | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4**[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft .NET Framework 1.1 Service Pack 1 | Elevation of Privilege | Critical | KB2572067 in MS11-078 replaced by KB2656353 |
| Â | (KB2656353) | Â | Â | Â |
| Â | Â | Â | Â | KB2416470 in MS10-070 and KB982533 in 973811 replaced by KB2656362 |
| Â | Microsoft .NET Framework 2.0 Service Pack 2 | Â | Â | Â |
| Â | (KB2656362) | Â | Â | KB2416473 in MS10-070 replaced by KB2657424 |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 3.5 Service Pack 1 | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | (KB2657424) | Â | Â | Â |
| Â | Â | Â | Â | Â |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows 7 | Â | Â | Â | Â |
| Windows 7 for 32-bit Systems | Microsoft .NET Framework 3.5.1 | Elevation of Privilege | Critical | KB2416471 in MS10-070 replaced by KB2656355 |
| Â | (KB2656355) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 | Elevation of Privilege | Critical | No bulletin replaced by KB2656356 |
| Â | (KB2656356) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows 7 for x64-based Systems | Microsoft .NET Framework 3.5.1 | Elevation of Privilege | Critical | KB2416471 in MS10-070 replaced by KB2656355 |
| Â | (KB2656355) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 | Elevation of Privilege | Critical | No bulletin replaced by KB2656356 |
| Â | (KB2656356) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2008 R2 | Â | Â | Â | Â |
| Windows Server 2008 R2 for x64-based Systems | Microsoft .NET Framework 3.5.1* | Elevation of Privilege | Critical | KB2416471 in MS10-070 replaced by KB2656355 |
| Â | (KB2656355) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1* | Elevation of Privilege | Critical | No bulletin replaced by KB2656356 |
| Â | (KB2656356) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4*[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2008 R2 for Itanium-based Systems | Microsoft .NET Framework 3.5.1 | Elevation of Privilege | Critical | KB2416471 in MS10-070 replaced by KB2656355 |
| Â | (KB2656355) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 | Elevation of Privilege | Critical | No bulletin replaced by KB2656356 |
| Â | (KB2656356) | Â | Â | Â |
| Â | Â | Â | Â | KB2416472 in MS10-070 replaced by KB2656351 |
| Â | Microsoft .NET Framework 4[1] | Â | Â | Â |
| Â | (KB2656351) | Â | Â | Â |
| Â | Â | Â | Â | Â |
No comments available.
Add new comment