MS KB2905247: Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
High Nessus Plugin ID 71323
SynopsisThe .NET Framework installed on the remote Windows host is affected by a privilege escalation vulnerability.
DescriptionThe version of the .NET Framework installed on the remote Windows host is affected by a privilege escalation vulnerability that allows a remote attacker to inject and execute arbitrary code in the context of the service account for the ASP.NET server.
This advisory was re-released on September 9, 2014 to offer the security update via Microsoft Update, and to address an issue that occasionally caused 'Page.IsPostBack' to return an incorrect value in some of the affected software.
SolutionMicrosoft has released a set of patches for .NET Framework 1.1, 2.0, 3.5, 3.5.1, 4.0, 4.5, and 4.5.1.