Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. MS14-057: Vulnerabilities in the .NET Framework could allow remote code execution: October 14, 2014

MS14-057: Vulnerabilities in the .NET Framework could allow remote code execution: October 14, 2014

Introduction

This security update resolves the following:
  • The vulnerabilities that could allow remote code execution if an attacker sends a specially crafted URL request that contains international characters to a Microsoft .NET web application.
  • The vulnerabilities that could allow elevation of privilege by improving how Microsoft .NET Framework communicates with the ClickOnce installer process. 
  • A security feature bypass vulnerability that could let an attacker bypass the Address Space Layout Randomization (ASLR) security feature. An attacker could use this ASLR bypass vulnerability together with another vulnerability, such as a remote code execution vulnerability, to take advantage of the ASLR bypass to run arbitrary code.

↑ Back to the top

Summary

Microsoft has released security bulletin MS14-057. Learn more about how to obtain the fixes that are included in this security bulletin: 

↑ Back to the top

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top

More Information

More information about this update

The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as a download URL, prerequisites, and command-line switches. 
Microsoft .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2
  • 2979578  MS14-057: Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 for Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1: October 14, 2014
  • 2972107  MS14-057: Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 for Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1: October 14, 2014
  • 2979577  MS14-057: Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 for Windows 8, Windows RT, and Windows Server 2012: October 14, 2014
  • 2978042  MS14-057: Description of the security update for the .NET Framework 4.5, the .NET Framework 4.5.1, and the .NET Framework 4.5.2 for Windows 8, Windows RT, and Windows Server 2012: October 14, 2014
  • 2979576  MS14-057: Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: October 14, 
  • 2978041  MS14-057: Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: October 14, 2014
Microsoft .NET Framework 4
  • 2979575  MS14-057: Description of the security update for the .NET Framework 4 for Windows Server 2003 SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1: October 14, 2014
  • 2972106  MS14-057: Description of the security update for the .NET Framework 4 for Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1: October 14, 2014
Microsoft .NET Framework 3.5.1
  • 2979570  MS14-057: Description of the security update for the .NET Framework 3.5.1 for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: October 14, 2014
  • 2972100  MS14-057: Description of the security update for the .NET Framework 3.5.1 for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: October 14, 2014
  • 2968294  MS14-057: Description of the security update for the .NET Framework 3.5.1 for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: October 14, 2014
Microsoft .NET Framework 3.5
  • 2979573  MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014
  • 2972103  MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014
  • 2968296  MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014
  • 2979571  MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8 and Windows Server 2012: October 14, 2014
  • 2972101  MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8 and Windows Server 2012: October 14, 2014
  • 2968295  MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8 and Windows Server 2012: October 14, 2014
Microsoft .NET Framework 2.0
  • 2979568  MS14-057: Description of the security update for the .NET Framework 2.0 Service Pack 2 for Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: October 14, 2014
  • 2972098  MS14-057: Description of the security update for the .NET Framework 2.0 Service Pack 2 for Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: October 14, 2014
  • 2979574  MS14-057: Description of the security update for the .NET Framework 2.0 Service Pack 2 for Windows Server 2003 Service Pack 2: October 14, 2014
  • 2972105  MS14-057: Description of the security update for the .NET Framework 2.0 Service Pack 2 for Windows Server 2003 Service Pack 2: October 14, 2014
  • 2968292  MS14-057: Description of the security update for the .NET Framework 2.0 Service Pack 2 for Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: October 14, 2014

↑ Back to the top

Update replacement information

Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.

↑ Back to the top

File hash information
File nameSHA1 hashSHA256 hash
MSIPatchRegFix-AMD64.exe5011CB29B096FB674A4795EE8FC2F7FDAD33863ABA62C33DD90ECC3C945AE4F52EEEB2FA07D2C53FB975263B483D09D80F02230D
MSIPatchRegFix-IA64.exeCB861EAF1F4CDFFAD5F83604C7250CD9EDD9643361867793FC7556B79E5833CC18F493A5611EDE94E0D944575E89BAA76B223A0D
MSIPatchRegFix-X86.exe94A84B80B8B45A1AC53A0E5D085513DA0F099655C83C5EE1D4FBFF5260A7D984471EAF4C6004431C21B4F661018BDB92CC124290
NDP20SP2-KB2972105-IA64.exe181FFB6B8C6EAD42B9BE36232FD3FA8FFCC7DC11D2EBA1536AE701CE315C70591D0310FFC05272C3CFAC269A574EA4688BE52059
NDP20SP2-KB2972105-x64.exeEA41D17C2AA2115FBE4A86122C2B04B0DF939018A82AA5DFE1296282537A05043F9C4B965C4FA230EFEBE17ADFC229E0644AF2C5
NDP20SP2-KB2972105-x86.exe9896D03074FE86CD49481DFC643FBA4D2060171CE5B3B2CB9ADE9129545EB6875A18ACE5E8F6EF811FF610F804CBC6562F63FAEA
NDP20SP2-KB2979574-v2-IA64.exe435C2F1A3867DC48572A92154E8784BD2C614C7975ED560D6B5344BC8B1A1E8B2C5F8009D461A58B5A5A0C850B9CAEE257F71FEF
NDP20SP2-KB2979574-v2-x64.exe6A79FF5E419B3FD11449945EF2D24389E0B4ADF8FAB19F92DCDC38F4EF83DD2D263147A3F35BF75B007F83D216F694F7BBE6C3BD
NDP20SP2-KB2979574-v2-x86.exeE9D7E292CFF96F768A99C2F2DBEBA9CA14784C70D0E4B7A685E481D879D948F8C55783AD266ED4641C2355F3D515255C13C96FA6
NDP40-KB2972106-IA64.exe7AB764B14D3F4B5E0093C970A761E59296C5F8A2AFA5998D13A93A2807D18C283565D5C7A352CC1DE63FC069E8331E5DD21E0F9D
NDP40-KB2972106-x64.exe4631DA8D6454B5680C0159B5254C15D54A8184E1BD44D2CB053510E0CB0BC3BAAE97E34D06D241E4BFC6E03C974A4177E6E0C480
NDP40-KB2972106-x86.exeD4DC74D00B867FE7E2913292341BF86633CB601B100938ADC6DBCD34775AFA58BCDA0B93D83F6270E3F00D0A6CBEDC779533759D
NDP40-KB2979575-v2-IA64.exe6FE17DD1B17066C83838B9C37816F50E923771D4D016385E98986E973645D583102AA540B2ADB33DD0C5C50D5950D1BCDF58CFEA
NDP40-KB2979575-v2-x64.exeDB55951BF20173742751FEDA19432BC2F96DC3EE3D42B4902F95686C38748E9F17C587E3109C44BECF00DF36A7DE7199C9E28B2E
NDP40-KB2979575-v2-x86.exe777DFD33ABB9A9DCFC3192CA910C58061C32D5B1FEA33AE2A36485EB3E54A92375EA6BD357A808C0A5C165CD5914DD9BC7461843
NDP45-KB2972107-x64.exe338BD55ED27B6897C6BCAA2A6EF9C57E77B959102327E0239CD26F22D71A697F9657333BB5B3503401C2B512308F6760AC670E01
NDP45-KB2972107-x86.exe1FF2E8E02ED7FF97457A85EADDEA125BEAED428CE47EA29BE134E5A27F621A717C16F97628215F6963F49DE8954EC3B247CB6450
NDP45-KB2979578-v2-x64.exe8572841FC55CCF101C01F87EBFA4EC7BE0911EBF539A78EBBDE633C12FBE59FFC6361B9A251FEAAB7A3A82864C963DA7DF7E5E49
NDP45-KB2979578-v2-x86.exeABD805B4503234EDF7A3D0EE32EE5BA1A72C6AC135CAAA796806D3631E11B62D742063CA7B1A41E9D4B73FDD9A0A802295DF8906
Windows6.0-KB2968292-ia64.msuA9CFAD95B0D8BBE2C01541E09A916788A53087EB68979E3BDBCB6C085FA2BB9B094C2B69ADE0CF152777E72C32DDF0AB22F4B3A7
Windows6.0-KB2968292-x64.msuCAA91DA06AC6928409E34821F9B46568068C0EF1BC2354B15D9336F3CA6C82F813962DA96F22A1DCC5054668A7367625B3B5D1F8
Windows6.0-KB2968292-x86.msuB5352367B47FE33D868C40D58FE8C78BFA278B0497A731C2776D7E21BEFF723486059020968A57085328FF133E2F77185763697E
Windows6.0-KB2972098-ia64.msuA837A86DBA74E550E62D59451AF4BED6BE5885DB189A1A9A534911BCCF4D3C3C24EEDEFC8360D1C368AF7D49EC52AB914DB7F56C
Windows6.0-KB2972098-x64.msu4E4A09AA4EC90794698A04DEE27292CBB8F317D3EFA450FB91DEE1856EC120ED251C633503C1C04AEDC21C4E700B085889269602
Windows6.0-KB2972098-x86.msuCB46202234110F149232A535BDBAC67F0A7891C7367E7D40208487ED8220F495B925DBE554075DC88FF809572020F1798E2226DB
Windows6.0-KB2979568-ia64.msu3D7409E38738911D59C72E65E21CFAFF24ED9630BDEF311ED4E9613F3F4A68F59031321F4A5F50C556DC6FA1D808D7FDF6065D94
Windows6.0-KB2979568-x64.msuF0C3DF10507C0EEBADC5F5CB722C093A3A46C5E7B974C1585BB07D0756197631D4DCA372180AE1B17FD36F717ADDD1486BB2A43D
Windows6.0-KB2979568-x86.msu984EEDD830AAE372AC0578973BEEF80BC5EA08F2A606F49318A2171A729AC14663E4C12262E47F0FD7361D74E6C0AB1D9DE728E0
Windows6.1-KB2968294-ia64.msu43BC4F31CFC8C133D625BB83567B8BE0064030DAACA6B01C2ED8AC2AB72E7E24949B186C2C9DA7C29BC36EF8BB49F1290FB7FA8B
Windows6.1-KB2968294-x64.msuCFF0BAFAC3C677448C233DC0B596C8A14B9FF58C42F7C07A483A7940F8C0FF61F8F16D0839E567B9848BA67EAED2A20064FC11AD
Windows6.1-KB2968294-x86.msu5D007341C62969877271E7AA20607281BC8C338B764766E0732A29B718B5F49949C91506494A8D2EDBEF995770C089E6825277EA
Windows6.1-KB2972100-ia64.msu5E463F7DF88201A29F470063A0512DF2B92A975590C85E6E9B5858C843C9D1384AE8F1718BFE759738FC6C670A6B54E16761D930
Windows6.1-KB2972100-x64.msuBA7FB9E64BCA3E59AC2310652357065817B3355B0B267ED605A410A328B2EDE3D4F28C4EF781F6F225B5A2F8C0C4F21E87AC046A
Windows6.1-KB2972100-x86.msu2ED06D2B5D61481A10C30622EE9B3065F23AECC7A12D47161C2BC803111D320D37246B069E06FC0823BD97D9DCA3B621D9F009AE
Windows6.1-KB2979570-ia64.msu4584844DAFF8896D9647032CAD2C2C8E43B13DB7728853A40FB3EFAA24090F8946B718C36A958E87CFDC9D3FCA067B84B712216A
Windows6.1-KB2979570-x64.msu646D2E4C8D3649BAB3A7D19AD436ECF22F4021E482986C6100C5D27CC9CF48F7305C0D99F78FB6ACACA6165198551EF0D6556E67
Windows6.1-KB2979570-x86.msuF1763AC37FB72D8DA11C6162EE7EA71C0F92DA962F319B052C45291843A8F0AFA7B087D3D4729A232B7AB1CF3DA43937CCD1070B
Windows8-RT-KB2968295-x64.msu9E54756A93C909DE40FCA51F88D5C0EBDC9EF2B8800351B96E0830FD13BE82378C4A96F432318493E8AC524DEB1335115D986323
Windows8-RT-KB2968295-x86.msu5C159A12B314A2EC3D448D572BAC118B6FBED3BC46FE382621C0554241CC52A8EB339C92CCA5478A611EDD1F71AC9FAFBE032A8B
Windows8-RT-KB2972101-x64.msu5C312B8A8CC10509E7693DD0FB4185461D74D6F155FA3CAFE95A11F3C40865AE7D1ACD08035DD544D1253628B26C71C9E0B14A15
Windows8-RT-KB2972101-x86.msuCDFC9D5340B6733A9E84C1745BDADD011FBDEB1867E4C349C49EFE2E750A02FB603309A745BEC9CB0DDA4A2083EBEC5639598EF3
Windows8-RT-KB2978042-x64.msu4B4671DBAE1C60DAA6D8B9CDB40A4279BF31EA933713DFF1D1906B5C1EA14665C37D0313B8FA0B9039FCE128B0153ABFB5BBC04B
Windows8-RT-KB2978042-x86.msuF6ABC2CA0B16D91AB8167EE2A2C17E9EB3C574FD71E0BC0D3D3BBA05ABB066A956A5A5D3905E70C505B9BBF7079865DD5D34D0C9
Windows8-RT-KB2979571-x64.msu65A41D244FDC424654E00E1D8EB9C9B25729F902DB95460031DA85545DFB5CC7E9099039223B6D5D662AA6532D8BD5CBD7CF6536
Windows8-RT-KB2979571-x86.msu4E5EDD3FA24B207A821C674D78DA858F1F363A3EABFB9F76FAAC720F4258D39212D3241D034224E19A3A706596E493B5BD2D54D6
Windows8-RT-KB2979577-x64.msu9029B740D449AC74DE98B186DA51C09E3BC8DE4190EEFFF2004C0CF4CD47088316A3E0B69E7239E7B6FDAEF3B6B2ED7BAF203326
Windows8-RT-KB2979577-x86.msu7136743342F647D3D16B6C9715AF1E07058870C2DC0297B8C66EA34ED3D3261D970EE7C1C4D0F75074EC99B763479FD57A907F78
Windows8.1-KB2968296-x64.msuA5D0DE083618322CD696C91D30A01C0FF060AF0F869C533AF42E14EC2D5B2BFC8A076AEA8A3958A4ABA92D02BB79DBCF02102B1B
Windows8.1-KB2968296-x86.msuD96BE3355E90A63A43E6D5A91F3E21AC879A7699B2AB8F69247C0C5512FF33667FD4AE6F8606D8181A5E1982D36FF4DC1F2A6AB6
Windows8.1-KB2972103-v2-x64.msu539F9C91D2CFDF2D046DBD96CD6EFE2748702EE079869AF484F7A0B2B2EDD5D9DE9DB209621032A6C045D2C9C46CB7199868036D
Windows8.1-KB2972103-v2-x86.msuA07E9097F4BB1664DCD6B45112F97933208EFD77352C3EE9FF72986C92809531E93870884A7FC0E78713162D579C06329AB19FBF
Windows8.1-KB2978041-x64.msu93D7DD68C7487670C0AB4D5EB154A0EF5E40A306E8E85B3F3D0AC53436D12D3783CE680C6CEE288642964C5842A650156EE5FB43
Windows8.1-KB2978041-x86.msu80ADD0097BB5940209E825E6948A0935791F2F6920D4349FB5EB2948A65365241CCC4B6D7C041CB57A1515616DE96B2E17C2AB37
Windows8.1-KB2979573-x64.msu4E6B3A60155951F82426AACD24D2076875DDE8F743917781745BEC2D904C02A9BD522FBA1CCE6A6B83842EF561F6EBBC8B605750
Windows8.1-KB2979573-x86.msu48E21177A582CA8F94DB6819D1DCA8A9FFB2AA0B9B1BDB0A281E623BABC8BD9C5C766F5EFCE7ADDFF937F72CDB6E264CDF6FBBA8
Windows8.1-KB2979576-x64.msu41A253554010BE99A3CA3A01BAC864D53464525387F60311C67BA282436F9F058177B25722577A2F8693E9FEA3311697DB63A30E
Windows8.1-KB2979576-x86.msu322E42AEBB7E4E65BA934D4495C4F9B8A2EE80CDBD33B42826DC144F2C6368D7021DD2AD2C60EF38EE1015C0B532EFF13AE433DE

↑ Back to the top


Applies to

This article applies to the following:
  • Microsoft .NET Framework 4.5.2 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
  • Microsoft .NET Framework 4.5.1 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
  • Microsoft .NET Framework 4.5 when used with:
    • Windows 8.1
    • Windows RT 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows RT
    • Windows Server 2012
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
  • Microsoft .NET Framework 4 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
    • Windows Server 2008 Service Pack 2
    • Windows Server 2003 Service Pack 2
  • Microsoft .NET Framework 3.5.1 when used with:
    • Windows 7 Service Pack 1
    • Windows Server 2008 R2 Service Pack 1
  • Microsoft .NET Framework 3.5 when used with:
    • Windows 8.1
    • Windows Server 2012 R2
    • Windows 8
    • Windows Server 2012
  • Microsoft .NET Framework 2.0 Service Pack 2 when used with:
    • Windows Vista Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Windows Server 2003 Service Pack 2

↑ Back to the top

Keywords: atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbsecurity, kbsecbulletin, kbsecreview, kb, kbsecvulnerability, kbmustloc

↑ Back to the top

Article Info
Article ID : 3000414
Revision : 1
Created on : 1/7/2017
Published on : 10/14/2014
Exists online : False
Views : 166