This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.
This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows.
The security update addresses the vulnerabilities by correcting how Microsoft WinForms validates decoder results and by correcting how.NET Framework handles extensible stylesheet language transformations (XSLT).
For more information about this update, see Microsoft Knowledge Base Article 3137893.
English Version
https://technet.microsoft.com/library/security/MS16-019
简体中文版
https://technet.microsoft.com/zh-CN/library/security/MS16-019
Responses to “MS16-019 Security Update for .NET Framework to Address Denial of Service (3137893)”
Back Top
Leave a Reply