<<< JPCERT/CC Alert 04.01.12 >>>
Vulnerabilities in Microsoft .NET Framework
Microsoft has released an "out-of-band" vulnerability information of
.NET Framework on December 30, 2011. The severity rating of this
security update is "Critical". An exploit of this vulnerability could
result in a remote denial-of-service attack or arbitrary command
execution (after escalating privilege of a stolen existing account).
For further information about the vulnerability, refer to the
Microsoft Security Bulletin MS11-100 - Critical
Vulnerability in the .NET Framework could allow elevation of privilege (2638420)
At this point, JPCERT/CC has not confirmed attacks exploiting these
Apply the update immediately by using means such as Microsoft Update
or Windows Update.
Japan Security Team
MS11-100 released out-of-bound to resolve vulnerability described in Security Advisory (2659883) (Japanese)
Denial of Service Vulnerability in Web Applications using Hash Functions (Japanese)
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
JPCERT Coordination Center (JPCERT/CC)
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602