TechNet
Export (0) Print
Expand All

Microsoft Security Advisory 2960358

Update for Disabling RC4 in .NET TLS

Published: May 13, 2014 | Updated: October 13, 2015

Version: 2.0

On May 13, 2014, Microsoft announced the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.

As of October 13, 2015, Microsoft is broadening the affected software list to include Windows 10 systems that are running .NET Framework 3.5 applications and systems with .NET Framework 4.6 installed that are running .NET Framework 4.5/4.5.1/4.5.2 applications.

Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible. Please see the Suggested Actions section of this advisory for more information.

Known Issues. Microsoft Knowledge Base Article 2978675 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues.

Issue References

For more information about this issue, see the following references:

References

Identification

Microsoft Knowledge Base Article

2960358 

This advisory discusses the following software.

Operating System

Component

Windows 7

Windows 7 for 32-bit Systems Service Pack 1

Microsoft .NET Framework 3.5.1 [1]
(2898851)

Windows 7 for 32-bit Systems Service Pack 1

Microsoft .NET Framework 4 [1][2]
(2938780)

Windows 7 for 32-bit Systems Service Pack 1

Microsoft .NET Framework 4.5 [1]
(2938782)

Windows 7 for 32-bit Systems Service Pack 1

Microsoft .NET Framework 4.5.1 [1]
(2938782)

Windows 7 for 32-bit Systems Service Pack 1

Microsoft .NET Framework 4.5.2 [1]
(2954853)

Windows 7 for 32-bit Systems Service Pack 1

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows 7 for x64-based Systems Service Pack 1

Microsoft .NET Framework 3.5.1 [1]
(2898851)

Windows 7 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4 [1][2]
(2938780)

Windows 7 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5 [1]
(2938782)

Windows 7 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5.1 [1]
(2938782)

Windows 7 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5.2 [1]
(2954853)

Windows 7 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft .NET Framework 3.5.1 [1]
(2898851)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4 [1][2]
(2938780)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5 [1]
(2938782)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5.1 [1]
(2938782)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5.2 [1]
(2954853)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Microsoft .NET Framework 3.5.1 [1]
(2898851)

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Microsoft .NET Framework 4 [1][2]
(2938780)

Windows 8 and Windows 8.1

Windows 8 for 32-bit Systems

Microsoft .NET Framework 3.5 [1]
(2898845)

Windows 8 for 32-bit Systems

Microsoft .NET Framework 4.5 [1]
(2898849)

Windows 8 for 32-bit Systems

Microsoft .NET Framework 4.5.1 [1]
(2898849)

Windows 8 for 32-bit Systems

Microsoft .NET Framework 4.5.2 [1]
(2898849)

Windows 8 for 32-bit Systems

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows 8 for 64-bit Systems

Microsoft .NET Framework 3.5 [1]
(2898845)

Windows 8 for 64-bit Systems

Microsoft .NET Framework 4.5 [1]
(2898849)

Windows 8 for 64-bit Systems

Microsoft .NET Framework 4.5.1 [1]
(2898849)

Windows 8 for 64-bit Systems

Microsoft .NET Framework 4.5.2 [1]
(2898849)

Windows 8 for 64-bit Systems

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows 8.1 for 32-bit Systems

Microsoft .NET Framework 3.5
(2898847)

Windows 8.1 for 32-bit Systems

Microsoft .NET Framework 4.5.1
(2898850)

Windows 8.1 for 32-bit Systems

Microsoft .NET Framework 4.5.2
(2898850)

Windows 8.1 for 32-bit Systems

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows 8.1 for 64-bit Systems

Microsoft .NET Framework 3.5
(2898847)

Windows 8.1 for 64-bit Systems

Microsoft .NET Framework 4.5.1
(2898850)

Windows 8.1 for 64-bit Systems

Microsoft .NET Framework 4.5.2
(2898850)

Windows 8.1 for 64-bit Systems

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012

Microsoft .NET Framework 3.5 [1]
(2898845)

Windows Server 2012

Microsoft .NET Framework 4.5 [1]
(2898849)

Windows Server 2012

Microsoft .NET Framework 4.5.1 [1]
(2898849)

Windows Server 2012

Microsoft .NET Framework 4.5.2 [1]
(2898849)

Windows Server 2012

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows Server 2012 R2

Microsoft .NET Framework 3.5
(2898847)

Windows Server 2012 R2

Microsoft .NET Framework 4.5.1
(2898850)

Windows Server 2012 R2

Microsoft .NET Framework 4.5.2
(2898850)

Windows Server 2012 R2

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows RT and Windows RT 8.1

Windows RT

Microsoft .NET Framework 4.5 [1]
(2898849)

Windows RT

Microsoft .NET Framework 4.5.1 [1]
(2898849)

Windows RT

Microsoft .NET Framework 4.5.2 [1]
(2898849)

Windows RT 8.1

Microsoft .NET Framework 4.5.1
(2898850)

Windows RT 8.1

Microsoft .NET Framework 4.5.2
(2898850)

Windows 10

Windows 10 for 32-bit Systems

Microsoft .NET Framework 3.5[3]

Windows 10 for 32-bit Systems

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows 10 for x64-based Systems

Microsoft .NET Framework 3.5[3]

Windows 10 for x64-based Systems

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Server Core installation option

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Microsoft .NET Framework 3.5.1 [1]
(2898851)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Microsoft .NET Framework 4 [1][2]
(2938780)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Microsoft .NET Framework 4.5 [1]
(2938782)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Microsoft .NET Framework 4.5.1 [1]
(2938782)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Microsoft .NET Framework 4.5.2 [1]
(2954853)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows Server 2012 (Server Core installation)

Microsoft .NET Framework 3.5 [1]
(2898845)

Windows Server 2012 (Server Core installation)

Microsoft .NET Framework 4.5 [1]
(2898849)

Windows Server 2012 (Server Core installation)

Microsoft .NET Framework 4.5.1 [1]
(2898849)

Windows Server 2012 (Server Core installation)

Microsoft .NET Framework 4.5.2 [1]
(2898849)

Windows Server 2012 (Server Core installation)

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

Windows Server 2012 R2 (Server Core installation)

Microsoft .NET Framework 3.5
(2898847)

Windows Server 2012 R2 (Server Core installation)

Microsoft .NET Framework 4.5.1
(2898850)

Windows Server 2012 R2 (Server Core installation)

Microsoft .NET Framework 4.5.2
(2898850)

Windows Server 2012 R2 (Server Core installation)

Microsoft .NET Framework 4.5/4.5.1/4.5.2 on systems with .NET Framework 4.6 installed[3]

[1] Prerequisite. This update requires pre-installation of the 2868725 update released in November, 2013, or any update that installs a later file version of schannel.dll than the one released with the 2868725 update.

[2] .NET Framework 4 and .NET Framework 4 Client Profile affected. The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4 and .NET Framework 4 Client Profile. .NET Framework 4 Client Profile is a subset of .NET Framework 4. The vulnerability addressed in this update affects both .NET Framework 4 and .NET Framework 4 Client Profile. For more information, see the MSDN article, Installing the .NET Framework.

[3]Customers who are running .NET Framework 3.5 applications on Windows 10 or .NET Framework 4.5/4.5.1/4.5.2 applications on systems with .NET Framework 4.6 installed must follow the steps provided in this advisory for manually disabling RC4 in TLS. See the Suggested Actions section of this advisory for details. Note that systems running .NET Framework 4.6 only are protected by default and do not need to be updated. For more information on default behavior for .NET Framework 4.6, see Retargeting Changes in the .NET Framework 4.6

Note Windows Server Technical Preview 3 is affected. Customers running this operating system are encouraged to follow the steps provided in this advisory for manually disabling RC4 where applicable. See the Suggested Actions section of this advisory for details. 

Are there any prerequisites for installing the updates addressed in this advisory? 
Yes. Pre-installation of the 2868725 update, released in November, 2013, is a prerequisite for installing the updates addressed in this advisory, with the exception of those updates applying to Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. For more information about the prerequisite update, see Microsoft Knowledge Base Article 2868725.

Are the updates available on Windows Update? 
No. Because the updates could affect compatibility with existing applications and services by disabling the unsecured RC4 cipher, Microsoft is providing the updates on an opt-in basis only (via the Microsoft Download Center and Microsoft Update Catalog only). The updates are not being provided via Windows Update in order to give customers the ability to plan and test the new settings for disabling RC4 prior to implementation in their environments.

What is the scope of the advisory? 
The purpose of this advisory is to notify customers that an update is available for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) and also changes the SSL/TLS default protocol from TLS 1.0 | SSL 3.0 to TLS 1.2 | TLS 1.1 | TLS 1.0 if you are running a .NET application on the .NET 4.5 runtime or higher.

What might an attacker use the vulnerability to do? 
Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.

What is a man-in-the-middle attack? 
A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker's computer without the knowledge of the two communicating users. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user.

What does the update do? 
The update supports the removal of RC4 as an available cipher on affected systems through registry settings. Microsoft recommends that customers test any new settings for disabling RC4 prior to implementation in their environments.

What is TLS? 
Transport Layer Security (TLS) is a standard protocol that is used to provide secure web communications on the Internet or on intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. TLS is the successor to the Secure Sockets Layer (SSL) protocol.

What is RC4? 
RC4 is a stream cipher that is used in both encryption and decryption.

  • Install the update where provided for your combination of .NET Framework and operating system

    Updates are available for most affected software configurations except .NET Framework 3.5 on Windows 10 and .NET Framework 4.6 on systems running .NET Framework 4.5/4.5.1/4.5.2 applications. Note that systems with applications only targeting .NET Framework 4.6 are already protected by default; however, systems that have .NET Framework 4.6 installed that are running applications targeting .NET Framework 4.5/4.5.1/4.5.2 will need to be updated manually using the appropriate procedure below.

    The updates, where available, are provided from the Microsoft Download Center via the links in the Affected Software table.

 

  • Manually disable RC4 in TLS on systems running .NET Framework 3.5

    The following steps are primarily for customers running .NET Framework 3.5 on Windows 10 (or on Windows Server Technical Preview 3), for which an update is not available. However, for customer running .NET Framework 3.5 on all earlier affected operating systems, the manual steps serve as an optional alternative to installing the available update.

    Note These steps require the use of Registry Editor. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

    1. Create a text file named strongcrypto35-enable.reg that contains the following text:
       

      For 32-bit applications on 32-bit systems and 64-bit applications on x64-based systems:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
      "SchUseStrongCrypto"=dword:00000001
      

       

      For 32-bit applications on x64-based systems:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
      "SchUseStrongCrypto"=dword:00000001
      
    2. Run regedit.exe.
    3. In Registry Editor, click the File menu and then click Import.
    4. Navigate to and select the strongcrypto35-enable.reg file that you created in the first step.
      (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to All Files).
    5. Click Open and then click OK
    6. Exit Registry Editor and restart the system.

 

  • Manually disable RC4 in TLS on systems running .NET Framework 4.5/4.5.1/4.5.2

    Despite the fact that an update is available for systems running .NET Framework 4.5/4.5.1/4.5.2, the following steps are primarily for customers with .NET Framework 4.5/4.5.1/4.5.2 applications running on systems with .NET Framework 4.6 present. For customers running only .NET Framework 4.5, 4.5.1, or 4.5.2, the manual steps serve as an optional alternative to installing the available update.

    Note These steps require the use of Registry Editor. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

    1. Create a text file named strongcrypto4-enable.reg that contains the following text:
       

      For 32-bit applications on 32-bit systems and 64-bit applications on x64-based systems:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
      "SchUseStrongCrypto"=dword:00000001
      

       

      For 32-bit applications on x64-based systems:

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
      "SchUseStrongCrypto"=dword:00000001
      
    2. Run regedit.exe.
    3. In Registry Editor, click the File menu and then click Import.
    4. Navigate to and select the strongcrypto4-enable.reg file that you created in the first step.
      (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to All Files).
    5. Click Open and then click OK
    6. Exit Registry Editor and restart the system.

 

Additional Suggested Actions

  • Protect your PC

    We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.

  • Keep Microsoft Software Updated

    Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Windows 7 (all editions)

Reference Table

The following table contains the security update information for this software.

Inclusion in Future Service Packs

The update for this issue will be included in a future service pack or update rollup

Security update file name

For Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1:
Windows6.1-KB2898851-x86.msu


For Microsoft .NET Framework 4 when installed on Windows 7 for 32-bit Systems Service Pack 1:
NDP40-KB2938780-x86.exe


For Microsoft .NET Framework 4.5 when installed on Windows 7 for 32-bit Systems Service Pack 1:
NDP45-KB2938782-x86.exe


For Microsoft .NET Framework 4.5.1 when installed on Windows 7 for 32-bit Systems Service Pack 1:
NDP45-KB2938782-x86.exe


For Microsoft .NET Framework 4.5.2 when installed on Windows 7 for 32-bit Systems Service Pack 1:
NDP45-KB2954853-x86.exe


For Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1:
Windows6.1-KB2898851-x64.msu


For Microsoft .NET Framework 4 when installed on Windows 7 for x64-based Systems Service Pack 1:
NDP40-KB2938780-x64.exe


For Microsoft .NET Framework 4.5 when installed on Windows 7 for x64-based Systems Service Pack 1:
NDP45-KB2938782-x64.exe


For Microsoft .NET Framework 4.5.1 when installed on Windows 7 for x64-based Systems Service Pack 1:
NDP45-KB2938782-x64.exe


For Microsoft .NET Framework 4.5.2 when installed on Windows 7 for x64-based Systems Service Pack 1:
NDP45-KB2954853-x64.exe

Installation switches

See Microsoft Knowledge Base Article 2844699

Update log file

For Microsoft .NET Framework 3.5.1:
Not applicable


For Microsoft .NET Framework 4:
KB2938780_*_*-Microsoft .NET Framework 4 Client Profile-MSP0.txt
KB2938780_*_*.html


For Microsoft .NET Framework 4.5:
KB2938782_*_*-Microsoft .NET Framework 4.5-MSP0.txt
KB2938782_*_*.html


For Microsoft .NET Framework 4.5.1:
KB2938782_*_*-Microsoft .NET Framework 4.5.1-MSP0.txt
KB2938782_*_*.html


For Microsoft .NET Framework 4.5.2:
KB2954853_*_*-Microsoft .NET Framework 4.5.2-MSP0.txt
KB2954853_*_*.html

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base Article 2960358

Registry key verification

For Microsoft .NET Framework 3.5.1:
Note A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.


For Microsoft .NET Framework 4 when installed on all supported 32-bit editions of Windows 7:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2938780
"ThisVersionInstalled" = "Y"


For Microsoft .NET Framework 4 when installed on all supported x64-based editions of Windows 7:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2938780
"ThisVersionInstalled" = "Y"


For Microsoft .NET Framework 4.5:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.5\KB2938782
"ThisVersionInstalled" = "Y"


For Microsoft .NET Framework 4.5.1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.5.1\KB2938782
"ThisVersionInstalled" = "Y"


For Microsoft .NET Framework 4.5.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.5.2\KB2954853
"ThisVersionInstalled" = "Y"

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.

Inclusion in Future Service Packs

The update for this issue will be included in a future service pack or update rollup

Security update file name

For Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1:
Windows6.1-KB2898851-x64.msu


For Microsoft .NET Framework 4 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1:
NDP40-KB2938780-x64.exe


For Microsoft .NET Framework 4.5 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1:
NDP45-KB2938782-x64.exe


For Microsoft .NET Framework 4.5.1 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1:
NDP45-KB2938782-x64.exe


For Microsoft .NET Framework 4.5.2 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1:
NDP45-KB2954853-x64.exe


For Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
Windows6.1-KB2898851-ia64.msu


For Microsoft .NET Framework 4 when installed on Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
NDP40-KB2938780-IA64.exe

Installation switches

See Microsoft Knowledge Base Article 2844699

Update log file

For Microsoft .NET Framework 3.5.1:
Not applicable


For Microsoft .NET Framework 4:
KB2938780_*_*-Microsoft .NET Framework 4 Client Profile-MSP0.txt
KB2938780_*_*.html


For Microsoft .NET Framework 4.5:
KB2938782_*_*-Microsoft .NET Framework 4.5-MSP0.txt
KB2938782_*_*.html


For Microsoft .NET Framework 4.5.1:
KB2938782_*_*-Microsoft .NET Framework 4.5.1-MSP0.txt
KB2938782_*_*.html


For Microsoft .NET Framework 4.5.2:
KB2954853_*_*-Microsoft .NET Framework 4.5.2-MSP0.txt
KB2954853_*_*.html

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base Article 2960358

Registry key verification

For Microsoft .NET Framework 3.5.1:
Note A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.


For Microsoft .NET Framework 4:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2938780
"ThisVersionInstalled" = "Y"


For Microsoft .NET Framework 4.5:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.5\KB2938782
"ThisVersionInstalled" = "Y"


For Microsoft .NET Framework 4.5.1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.5.1\KB2938782
"ThisVersionInstalled" = "Y"


For Microsoft .NET Framework 4.5.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 4.5.2\KB2954853
"ThisVersionInstalled" = "Y"

Windows 8 (all editions) and Windows 8.1 (all editions)

Reference Table

The following table contains the security update information for this software.

Inclusion in Future Service Packs

The update for this issue will be included in a future service pack or update rollup

Security update file name

For Microsoft .NET Framework 3.5 on Windows 8 for 32-bit Systems:
Windows8-RT-KB2898845-x86.msu


For Microsoft .NET Framework 4.5 on Windows 8 for 32-bit Systems:
Windows8-RT-KB2898849-x86.msu


For Microsoft .NET Framework 4.5.1 on Windows 8 for 32-bit Systems:
Windows8-RT-KB2898849-x86.msu


For Microsoft .NET Framework 4.5.2 on Windows 8 for 32-bit Systems:
Windows8-RT-KB2898849-x86.msu


For Microsoft .NET Framework 3.5 on Windows 8 for 64-bit Systems:
Windows8-RT-KB2898845-x64.msu


For Microsoft .NET Framework 4.5 on Windows 8 for 64-bit Systems:
Windows8-RT-KB2898849-x64.msu


For Microsoft .NET Framework 4.5.1 on Windows 8 for 64-bit Systems:
Windows8-RT-KB2898849-x64.msu


For Microsoft .NET Framework 4.5.2 on Windows 8 for 64-bit Systems:
Windows8-RT-KB2898849-x64.msu


For Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit Systems:
Windows8.1-KB2898847-x86.msu


For Microsoft .NET Framework 4.5.1 on Windows 8.1 for 32-bit Systems:
Windows8.1-KB2898850-x86.msu


For Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit Systems:
Windows8.1-KB2898850-x86.msu


For Microsoft .NET Framework 3.5 on Windows 8.1 for 64-bit Systems:
Windows8.1-KB2898847-x64.msu


For Microsoft .NET Framework 4.5.1 on Windows 8.1 for 64-bit Systems:
Windows8.1-KB2898850-x64.msu


For Microsoft .NET Framework 4.5.2 on Windows 8.1 for 64-bit Systems:
Windows8.1-KB2898850-x64.msu

Installation switches

See Microsoft Knowledge Base Article 2844699

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base Article 2960358

Registry key verification

For Microsoft .NET Framework 3.5:
Note A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.


For Microsoft .NET Framework 4.5:
Note A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.


For Microsoft .NET Framework 4.5.1:

Note A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.


For Microsoft .NET Framework 4.5.2:

Note A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.

Windows Server 2012 (all editions) and Windows Server 2012 R2 (all editions)

Reference Table

The following table contains the security update information for this software.

Inclusion in Future Service Packs

The update for this issue will be included in a future service pack or update rollup

Security update file name

For Microsoft .NET Framework 3.5 on Windows Server 2012:
Windows8-RT-KB2898845-x64.msu


For Microsoft .NET Framework 4.5 on Windows Server 2012:
Windows8-RT-KB2898849-x64.msu


For Microsoft .NET Framework 4.5.1 on Windows Server 2012:
Windows8-RT-KB2898849-x64.msu


For Microsoft .NET Framework 4.5.2 on Windows Server 2012:
Windows8-RT-KB2898849-x64.msu


For Microsoft .NET Framework 3.5 on Windows Server 2012 R2:
Windows8.1-KB2898847-x64.msu


For Microsoft .NET Framework 4.5.1 on Windows Server 2012 R2:
Windows8.1-KB2898850-x64.msu


For Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2:
Windows8.1-KB2898850-x64.msu

Installation switches

See Microsoft Knowledge Base Article 2844699

Restart requirement

This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base Article 2960358

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows RT (all editions) and Windows RT 8.1 (all editions)

The following table contains the security update information for this software.

Deployment

For Microsoft .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows RT:
Update 2898849 is available from the Microsoft Download Center.


For Microsoft .NET Framework 4.5.1 and 4.5.1 on Windows RT 8.1:
Update 2898850 is available from the Microsoft Download Center.

Restart Requirement

A system restart is required after applying this security update.

Removal Information

Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.

File Information

See Microsoft Knowledge Base Article 2960358

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

Support

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (May 13, 2014): Advisory published.
  • V1.1 (June 19, 2014): Added link to Microsoft Knowledge Base Article 2978675 under Known Issues in the Executive Summary.
  • V1.2 (July 8, 2014): Advisory revised to announce a Microsoft Update Catalog detection change for the updates requiring installation of the 2868725 prerequisite update. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
  • V2.0 (October 13, 2015): Advisory revised to broaden the affected software list to include Windows 10 systems that are running .NET Framework 3.5 applications and systems with .NET Framework 4.6 installed that are running .NET Framework 4.5/4.5.1/4.5.2 applications, and to provide customers running these configurations with steps for manually disabling RC4 in TLS. See the Affected Software and Suggested Actions sections of this advisory for more information.

Page generated 2015-10-14 12:37-07:00.
Show:
© 2016 Microsoft