<html><body><p>Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS13-103. To view the complete security bulletin, visit one of the following Microsoft websites:<br /><ul><li>Home users:<br /><div><a href=βhttp://www.microsoft.com/security/pc-security/updates.aspxβ target=β_selfβ>http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=βhttp://update.microsoft.com/microsoftupdate/β target=β_selfβ>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=βhttp://technet.microsoft.com/security/bulletin/ms13-103β target=β_selfβ>http://technet.microsoft.com/security/bulletin/MS13-103</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help installing updates:<br /><a href=βhttps://support.microsoft.com/ph/6527β target=β_selfβ>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals:<br /><a href=βhttp://technet.microsoft.com/security/bb980617.aspxβ target=β_selfβ>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=βhttps://support.microsoft.com/contactus/cu_sc_virsec_masterβ target=β_selfβ>Virus Solution and Security Center</a><br /><br />Local support according to your country:<br /><a href=βhttps://support.microsoft.com/common/international.aspxβ target=β_selfβ>International Support</a><br /><br /></div><h2>More Information</h2><div><h3>Additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><ul><li><div><a href=βhttps://support.microsoft.com/en-us/help/2903566β>2903566 </a> MS13-103: Description of the security update for Microsoft Visual Studio Team Foundation Server 2013: December 10, 2013</div></li><li><div><a href=βhttps://support.microsoft.com/en-us/help/2903919β>2903919 </a>Β MS13-103: Description of the security update for ASP.NET SignalR: December 10, 2013</div></li></ul></div><h2></h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>SignalR-KB2903919.msi</td><td>C719B287996A0FF3F26AC146621F2E394914CA43</td><td>D7C1BDA20A6569DE2D2BC69996957E69209C05E5450A801180905898D0279AD3</td></tr><tr><td>TFS2013-KB2903566.exe</td><td>CD8CF9E017607E3486BB7244F496167D6D7C42FB</td><td>36965DF098B23F3DF275060D4F2D838943C93C95027F224BD47A5AC6F7A63E6D</td></tr></table></div></div><br /></span></div></div></div></div><h2>Applies to</h2><div><ul><li>ASP.NET SignalR 1.1.xΒ </li><li>ASP.NET SignalR 2.0.xΒ </li><li>Microsoft Visual Studio Team Foundation Server 2013</li></ul><span>Note</span> The ASP.NET SignalR updates apply to Windows-based servers that host web applications that support ASP.NET SignalR functionality.Β These updates are available only for download, and they update versions 1.1.0, 1.1.1, 1.1.2, 1.1.3, and version 2.0.0 to the latest supported versions (1.1.4 and 2.0.1, as of the date of this bulletin).Β See the βSecurity Update Deploymentβ section of the <a href=βhttp://technet.microsoft.com/security/bulletin/ms13-103β target=β_selfβ>security bulletin</a> for more information.Β </div></body></html>