Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB3164024
HistoryJul 12, 2016 - 7:00 a.m.

MS16-091: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: July 12, 2016

2016-07-1207:00:00
Microsoft
support.microsoft.com
17

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.136

Percentile

95.7%

JSON

MS16-091: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: July 12, 2016

November 8, 2016 A detection change was made to account for the .NET Framework 4.6.1 hotfix rollup for customers who were not being correctly offered this security update for the .NET Framework 4.6.1.
View products that this article applies to.

Summary

This update resolves a vulnerability in the Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application. To learn more about this vulnerability, see Microsoft Security Bulletin MS16-091.

More Information

Important All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.

How to obtain and install this update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the “Turn on automatic updating in the Control Panel” section of this Safety & Security Center article.

Note For Windows RT 8.1, this update is available through Windows Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. To install this update, follow the install instructions on the download page.

DownloadDownload security update 3164024

Update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3170048.

Update removal information

Note We do not recommend that you remove any security update.

To remove this update, use the Programs and Features item in Control Panel.

Update restart information

This update does not require a system restart after you apply it unless files that are being updated are locked or are being used.

Update replacement information

This update does not replace any previously released update.

__

File information

File hashFile name Package hash SHA1 Package hash SHA2
Windows8.1-KB3164024-arm.msu 78EC6EF8AB1C759F097345C29C0B3D372DF4E342 0F8BA6376E50697FA63E6DAB4BE4AF6D98BD0E38CFC41A1D5F1E3E7AF3AB641A
Windows8.1-KB3164024-x86.msu 94BBAB1B1CA90FA267B65FB172EBE4E4951A0F7C 08F92E415F2DDB6CC8C94649E5ACB1CEC35F2BED959BB537DE99FE9EE124C35E
Windows8.1-KB3164024-x64.msu 7FDFB76340B09D46BC3C2E230CD66D06FA327253 C1AAF0B88D4BBA1B02CECCF2350C09168C96BFE97EA674811E1AD3C6E6C836E7
File attributesThe English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
For all supported ARM-based versionsFile name File version File size Date Time Platform
Msvcp120_clr0400.dll 12.0.52242.36242 602,080 20-Jun-2016 19:23 Not applicable
Msvcr120_clr0400.dll 12.0.52242.36242 634,336 20-Jun-2016 19:23 Not applicable
System.data.dll 4.6.1082.0 3,362,304 20-May-2016 07:30 Not applicable
For all supported x86-based versionsFile name File version File size Date Time Platform
Msvcp120_clr0400.dll 12.0.52512.0 484,552 20-Jun-2016 19:23 x86
Msvcr120_clr0400.dll 12.0.52512.0 987,848 20-Jun-2016 19:23 x86
System.data.dll 4.6.1082.0 3,359,920 20-May-2016 07:39 x86
For all supported x64-based versionsFile name File version File size Date Time Platform
Msvcp120_clr0400.dll 12.0.52512.0 690,016 20-Jun-2016 19:23 x64
Msvcr120_clr0400.dll 12.0.52512.0 993,632 20-Jun-2016 19:23 x64
System.data.dll 4.6.1082.0 3,422,384 20-May-2016 07:32 x64
Msvcp120_clr0400.dll 12.0.52512.0 484,552 20-Jun-2016 19:23 x86
Msvcr120_clr0400.dll 12.0.52512.0 987,848 20-Jun-2016 19:23 x86
System.data.dll 4.6.1082.0 3,359,920 20-May-2016 07:39 x86

__

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Applies toThis article applies to the following:

  • Microsoft .NET Framework 4.6 and 4.6.1 when used with:

    • Windows Server 2012 R2
    • Windows 8.1
    • Windows Server 2012

Related

symantec 1
cvelist 1
mskb 12
kaspersky 1
mscve 1
nessus 1
openvas 1
cve 1
prion 1
nvd 1
symantec
symantec
Microsoft .NET Framework CVE-2016-3255 XML External Entity Information Disclosure Vulnerability
2016-07-12 00:00:00
cvelist
cvelist
CVE-2016-3255
2016-07-13 01:00:00
mskb
mskb
MS16-091: Description of the security update for the .NET Framework 4.5.2 in Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1: July 12, 2016
2016-07-12 07:00:00
Security update 2016-07-12
2016-07-12 07:00:00
MS16-091: Security update for the .NET Framework: July 12, 2016
2016-07-12 00:00:00
kaspersky
kaspersky
KLA10841 OSI vulnerability in Microsoft Developer Tools
2016-07-12 00:00:00
mscve
mscve
.NET Framework Information Disclosure Vulnerability
2016-07-12 07:00:00
nessus
nessus
MS16-091: Security Update for .NET Framework (3170048)
2016-07-12 00:00:00
openvas
openvas
Microsoft .NET Framework Information Disclosure Vulnerability (3170048)
2016-07-13 00:00:00
cve
cve
CVE-2016-3255
2016-07-13 01:59:16
prion
prion
Information disclosure
2016-07-13 01:59:00
nvd
nvd
CVE-2016-3255
2016-07-13 01:59:16

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.136

Percentile

95.7%

JSON
Related for KB3164024
symantec1cvelist1mskb12kaspersky1mscve1nessus1openvas1cve1prion1nvd1