Understand impact of Windows Server 2012 security update

All replies

  • As per the reference article below, the only information officially available from MS is that it mitigates denial of service attacks. There is only a one-line statement, which is very vague and has no technical details. It states “The vulnerability could allow denial of service if an attacker sends a small number of specially crafted requests to an affected .NET-enabled website.”

    https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-053?redirectedfrom=MSDN

     

    But unofficially, below is the information that is available. Hope it helps you.

     

    • KB updates system.identitymodel.dll
    • CVE causes Failure to Handle Exceptional Conditions
    • Attacker causes compute resource exhaustion denial of service on ASP.NET webserver by sending maliciously crafted HTTP/HTTPS requests.
    • Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."

    Regards,
    Citrix Vdi and Windows Server 2019 Expert





    • Edited by DinuG Tuesday, October 1, 2019 6:20 PM
    Tuesday, October 1, 2019 6:18 PM
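
The reply above attributes the denial of service to improper use of a hash table for request data. The following is an added example, not part of the original thread and not .NET's implementation: a toy chained hash table showing why keys that all land in one bucket turn request parsing from roughly linear into quadratic work. The hash function, the constructed key sets and the `max_keys` cap are assumptions for illustration; the cap is a generic defensive control, not a description of what the update changes.

```python
BUCKETS = 1024

def toy_hash(key: str) -> int:
    """Toy hash (assumption): sum of character codes, so anagrams collide."""
    return sum(map(ord, key))

class ChainedTable:
    """Minimal separate-chaining table that counts key comparisons."""
    def __init__(self):
        self.buckets = [[] for _ in range(BUCKETS)]
        self.comparisons = 0

    def put(self, key: str, value: str) -> None:
        chain = self.buckets[toy_hash(key) % BUCKETS]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1          # one comparison per chain entry walked
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

def colliding_keys(n: int) -> list:
    """Constructed sample: n distinct anagrams, so every key shares one bucket."""
    return ["a" * i + "b" + "a" * (n - 1 - i) for i in range(n)]

def ordinary_keys(n: int) -> list:
    """Constructed sample: form-field style names."""
    return [f"field{i}" for i in range(n)]

def parse_cost(keys, max_keys=None) -> int:
    """Store request keys in the table and return the comparisons spent.

    max_keys (assumption) rejects oversized requests before any hashing.
    """
    if max_keys is not None and len(keys) > max_keys:
        raise ValueError("request rejected: too many keys")
    table = ChainedTable()
    for key in keys:
        table.put(key, "")
    return table.comparisons

if __name__ == "__main__":
    n = 500
    print("ordinary :", parse_cost(ordinary_keys(n)))
    print("colliding:", parse_cost(colliding_keys(n)))   # n*(n-1)/2
    try:
        parse_cost(colliding_keys(n), max_keys=100)
    except ValueError as exc:
        print("with cap :", exc)
```

With every key in one bucket, the k-th insert walks k-1 entries, so n keys cost n(n-1)/2 comparisons; that growth is why a small number of requests can consume disproportionate CPU.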