Question

In 2011 Microsoft released a security patch to prevent a Denial of Service vulnerability that involved an attacker overwhelming a request with too many keys (the science of which is beyond the remit of this question).

The patch limited the number of keys to 1000 but that default could be overwritten by adding a setting to your website's config file

<configuration>
  <appSettings>
    <add key="aspnet:MaxHttpCollectionKeys" value="2000" />
  </appSettings>
</configuration>

Let's say for whatever crazy reason we didn't install that patch while we were on .Net 3.5. Now we've upgraded to .Net4, is that patch included within that version of .Net?

Thanks in advance!


Solution

Cool, so

  • Q: Upgraded to .Net4, is that patch included within that version of .Net?
  • A: Yes, .net4 will include the patch.

Refer to this Microsoft TechNet article: http://technet.microsoft.com/en-us/security/bulletin/ms11-100

This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.

This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

ASP.NET MS11-100: how can I change the limit on the maximum number of posted form values?

Good rant in here: https://go281.wordpress.com/tag/maxhttpcollectionkeys/

Hope this helps :)
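As an added example (not part of the question or answer above), the following Python script audits a web.config for the aspnet:MaxHttpCollectionKeys override discussed here and reports the effective limit. It assumes the usual appSettings semantics that a later <add> for the same key overrides an earlier one and that <remove> and <clear/> drop values; the sample config embedded below is constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Default cap applied by MS11-100 when no override is configured (from the page).
DEFAULT_MAX_KEYS = 1000
SETTING_KEY = "aspnet:MaxHttpCollectionKeys"

# Constructed sample web.config for this demonstration (not from any real site).
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="unrelated" value="x" />
    <add key="aspnet:MaxHttpCollectionKeys" value="2000" />
  </appSettings>
</configuration>
"""


def effective_max_keys(config_xml):
    """Return (limit, source) where source is 'configured' or 'default'.

    Walks <appSettings> in document order, honouring <clear/>, <remove key=.../>
    and later <add> entries overriding earlier ones (assumed appSettings semantics).
    """
    root = ET.fromstring(config_xml)
    value = None
    app = root.find("appSettings")
    if app is not None:
        for el in app:
            if el.tag == "clear":
                value = None
            elif el.tag == "remove" and el.get("key") == SETTING_KEY:
                value = None
            elif el.tag == "add" and el.get("key") == SETTING_KEY:
                value = el.get("value", "")
    if value is None:
        return DEFAULT_MAX_KEYS, "default"
    try:
        return int(value), "configured"
    except ValueError:
        raise ValueError(f"{SETTING_KEY} has a non-integer value: {value!r}")


def audit(config_xml, ceiling=DEFAULT_MAX_KEYS):
    """Return (limit, findings): findings lists anything worth a second look."""
    limit, source = effective_max_keys(config_xml)
    findings = []
    if source == "default":
        findings.append("no override set; the 1000-key default only applies once MS11-100 is installed")
    elif limit > ceiling:
        findings.append(f"limit raised to {limit} (> {ceiling}); confirm the forms really need that many fields")
    return limit, findings


if __name__ == "__main__":
    print(audit(SAMPLE_WEB_CONFIG))
```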

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow