Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
MS14-059: Vulnerability in ASP.NET MVC could allow security feature bypass: October 14, 2014
Microsoft has released security bulletin MS14-059. To learn more about this security bulletin:
Download the package now.
Release Date: October 14, 2014
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
Support for Microsoft Update
Security solutions for IT professionals:
TechNet Security Troubleshooting and Support
Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center
Local support according to your country:
International Support
- Home users:
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update website now: - IT professionals:
Download information
The following files are available for download from the Microsoft Download Center.For all supported versions of Microsoft ASP.NET
Download the package now.Release Date: October 14, 2014
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.How to obtain help and support for this security update
Help installing updates:Support for Microsoft Update
Security solutions for IT professionals:
TechNet Security Troubleshooting and Support
Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center
Local support according to your country:
International Support
- For more information about deployment options to address this security vulnerability, see the MS14-059 security bulletin. This update will be offered through Microsoft Update, the Microsoft Download Center, and updated NuGet packages. The security bulletin will provide correct guidance about which deployment option is required to help make sure that your computer and applications are secure.
- Also, see the "Update FAQ" section of MS14-059 to better understand how Microsoft security updates for .NET NuGet Libraries are supported, how to determine which version of ASP.NET Model-View-Controller (MVC) is installed on your computer, which computers are offered the update through Microsoft Update, and other important information.
Known issues and more information about this security update
The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.- 2994397 MS14-059: Description of the security update for ASP.NET MVC 5.1: October 14, 2014
- 2992080 MS14-059: Description of the security update for ASP.NET MVC 5.0: October 14, 2014
- 2993928 MS14-059: Description of the security update for ASP.NET MVC 4.0: October 14, 2014Known issues in security update 2993928:
- Symptom
After you install this security update, all Azure Pack PowerShell commands return the following exemption:
Method not found: 'Void Newtonsoft.Json.Serialization.DefaultContractResolver.set_IgnoreSerializableAttribute(Boolean)
Resolution
To resolve this issue, install Update Rollup 4 for Windows Azure Pack. For more information, click the following article number to view the article in the Microsoft Knowledge Base:2992027 Update Rollup 4 for Windows Azure Pack
- Symptom
- 2993937 MS14-059: Description of the security update for ASP.NET MVC 3.0: October 14, 2014
- 2993939 MS14-059: Description of the security update for ASP.NET MVC 2.0: October 14, 2014
Applies to
This article applies to the following:- ASP.NET MVC 2.0
- ASP.NET MVC 3.0
- ASP.NET MVC 4.0
- ASP.NET MVC 5.0
- ASP.NET MVC 5.1
File hash information
| File name | SHA1 hash | SHA256 hash |
|---|---|---|
| AspNetMVC2-KB2993939.EXE | 1E3F60495160A568ADB51B09AF5C7B0A95146764 | 2B91A27DC45B11CB6977A214CF9E4DCF1E219F66876413F2A8D3DC4BE86B1175 |
| AspNetMVC3-KB2993937.EXE | 414B06C8F9800E88E1ABB6A28EAD93E445F92878 | 02885E91D4052E0DAC3EA06D2099D9F9CCBE20B27AF9B9FF64813D9383F2126A |
| AspNetMVC4-KB2993928.EXE | 760CF4C85474BBE1809B9FAB9B2996FF04C23B88 | 105089F03358AB2437722C070EC1F4F43FA8BE9BD4D85802D3374D204ADB948E |
| AspNetWebFxUpdate_KB2992080.EXE | 55C239C6B443CB122B04667A9BE948B03046BF88 | D10482E256F90D03E7B0069ED1287C14776DCCD2E3A766FD27B4BE76B78C26AC |
| AspNetWebFxUpdate_KB2994397.EXE | BBE73C4BF9AA4747F6753CACA095A5459EC277BE | 5A42E9F3847EAC08FD6B1F8A55B0AED149507034AA68A11F7EB5D3993D3A6DD7 |
Keywords: kb, kbsurveynew, kbsecvulnerability, kbsecurity, kbsecreview, kbsecbulletin, kbmustloc, kblangall, kbfix, kbexpertiseinter, kbbug, atdownload