August 11th, 2015

August 2015 .NET Security Updates

The .NET team released two security bulletins today as part of the monthly “Update Tuesday” cycle. 

Microsoft Security Bulletin MS15-080 – Critical, Vulnerability in .NET Framework Could Allow Remote Code Execution (3078662

This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.

This security update is rated Critical for Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6 and 4.6 RC on affected releases of Microsoft Windows.

More details about the versions affected by this vulnerability can be found in the security bulletin MS15-080.

 

Microsoft Security Bulletin MS15-092 – Important, Vulnerability in .NET Framework Could Allow Information Disclosure (3086251

This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.

This security update is rated Important for Microsoft .NET Framework 4.6 and 4.6 RC on affected releases of Microsoft Windows.

More details about the versions affected by this vulnerability can be found in the security bulletin MS15-092. More context can also be found here.

How to obtain help and support for this security update

 

0 comments

Discussion are closed.