Microsoft .NET Framework XML Signature HMAC Truncation Authentication Bypass Vulnerability( 09 June 2010 )
Last Update Date:
28 Jan 2011
Release Date:
9 Jun 2010
5450
Views
RISK: Medium Risk
A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Impact
- Data Manipulation
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Microsoft .NET Framework 1.0
- Microsoft .NET Framework 1.1
- Microsoft .NET Framework 2.0
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 3.5.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Windows 2000 Service Pack 4
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 2 - Windows XP Service Pack 2
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Media Center Edition 2005 only) - Windows XP Service Pack 3
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Media Center Edition 2005 and Windows XP Tablet PC Edition 2005 only) - Windows XP Service Pack 2 and Windows XP Service Pack 3
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows XP Professional x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2003 Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2003 x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 - Windows Vista Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Vista Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 - Windows Vista x64 Edition Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Vista x64 Edition Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 - Windows Server 2008 for 32-bit Systems
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1 - Windows Server 2008 for x64-based Systems
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- >Microsoft .NET Framework 1.1 Service Pack 1 - Windows Server 2008 for Itanium-based Systems
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows Server 2008 for Itanium-based Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 - Windows 7 for 32-bit Systems
- Microsoft .NET Framework 3.5.1 - Windows 7 for x64-based Systems
- Microsoft .NET Framework 3.5.1 - Windows Server 2008 R2 for x64-based Systems
- Microsoft .NET Framework 3.5.1 - Windows Server 2008 R2 for Itanium-based Systems
- Microsoft .NET Framework 3.5.1
Vulnerability Identifier
Source
Related Link
Share with