Microsoft Security Bulletin MS16-035 - Important

Security Update for .NET Framework to Address Security Feature Bypass (3141780)

Published: March 8, 2016 | Updated: November 8, 2016

Version: 2.6

This security update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.

This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows. For more information, see the Affected Software section.

The update addresses the vulnerability by correcting how the .NET Framework validates XML documents. For more information about the vulnerability, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3141780.

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the March bulletin summary.

 

| Operating System | Component | .NET XML Validation Security Feature Bypass - CVE-2016-0132 | Updates Replaced |
|---|---|---|---|
| Windows Vista | | | |
| Windows Vista Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 (3135982) | Important Security Feature Bypass | 2863253 in MS13-082; 3035485 in MS15-048 |
| Windows Vista Service Pack 2 | Microsoft .NET Framework 3.0 Service Pack 2 (3135987) | Important Security Feature Bypass | 2832412 in MS13-052; 3099860 in MS15-128 |
| Windows Vista Service Pack 2 | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows Vista Service Pack 2 | Microsoft .NET Framework 4.6 [1] (3136000) | Important Security Feature Bypass | None |
| Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 (3135982) | Important Security Feature Bypass | 2863253 in MS13-082; 3035485 in MS15-048 |
| Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 3.0 Service Pack 2 (3135987) | Important Security Feature Bypass | 2832412 in MS13-052; 3099860 in MS15-128 |
| Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.6 [1] (3136000) | Important Security Feature Bypass | None |
| Windows Server 2008 | | | |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 (3135982) | Important Security Feature Bypass | 2863253 in MS13-082; 3035485 in MS15-048 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 3.0 Service Pack 2 (3135987) | Important Security Feature Bypass | 2832412 in MS13-052; 3099860 in MS15-128 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.6 [1] (3136000) | Important Security Feature Bypass | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 (3135982) | Important Security Feature Bypass | 2863253 in MS13-082; 3035485 in MS15-048 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 3.0 Service Pack 2 (3135987) | Important Security Feature Bypass | 2832412 in MS13-052; 3099860 in MS15-128 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.6 [1] (3136000) | Important Security Feature Bypass | None |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Microsoft .NET Framework 2.0 Service Pack 2 (3135982) | Important Security Feature Bypass | 2863253 in MS13-082; 3035485 in MS15-048 |
| Windows 7 | | | |
| Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 (3135983) | Important Security Feature Bypass | 2863240 in MS13-082; 3032655 in MS15-048 |
| Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 (3135988) | Important Security Feature Bypass | 3099862 in MS12-025 |
| Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 [1] (3136000) | Important Security Feature Bypass | None |
| Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 (3135983) | Important Security Feature Bypass | 2863240 in MS13-082; 3032655 in MS15-048 |
| Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 (3135988) | Important Security Feature Bypass | 3099862 in MS12-025 |
| Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 [1] (3136000) | Important Security Feature Bypass | None |
| Windows Server 2008 R2 | | | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 (3135983) | Important Security Feature Bypass | 2863240 in MS13-082; 3032655 in MS15-048 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 (3135988) | Important Security Feature Bypass | 3099862 in MS12-025 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 [1] (3136000) | Important Security Feature Bypass | None |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Microsoft .NET Framework 3.5.1 (3135983) | Important Security Feature Bypass | 2863240 in MS13-082; 3032655 in MS15-048 |
| Windows 8.1 | | | |
| Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 3.5 (3135985) | Important Security Feature Bypass | 3035487 in MS15-048 |
| Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 3.5 (3135991) | Important Security Feature Bypass | 3099864 in MS15-128 |
| Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.5.2 [1] (3135994) | Important Security Feature Bypass | 3032663 in MS15-048 |
| Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.6/4.6.1 [1] (3135998) | Important Security Feature Bypass | None |
| Windows 8.1 for x64-based Systems | Microsoft .NET Framework 3.5 (3135985) | Important Security Feature Bypass | 3035487 in MS15-048 |
| Windows 8.1 for x64-based Systems | Microsoft .NET Framework 3.5 (3135991) | Important Security Feature Bypass | 3099864 in MS15-128 |
| Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.5.2 [1] (3135994) | Important Security Feature Bypass | 3032663 in MS15-048 |
| Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.6/4.6.1 [1] (3135998) | Important Security Feature Bypass | None |
| Windows Server 2012 and Windows Server 2012 R2 | | | |
| Windows Server 2012 | Microsoft .NET Framework 3.5 (3135984) | Important Security Feature Bypass | 2863243 in MS13-082; 3035486 in MS15-048 |
| Windows Server 2012 | Microsoft .NET Framework 3.5 (3135989) | Important Security Feature Bypass | 2832418 in MS13-052; 3099863 in MS15-128 |
| Windows Server 2012 | Microsoft .NET Framework 4.5.2 [1] (3135995) | Important Security Feature Bypass | 3035489 in MS15-048 |
| Windows Server 2012 | Microsoft .NET Framework 4.6/4.6.1 [1] (3135997) | Important Security Feature Bypass | None |
| Windows Server 2012 R2 | Microsoft .NET Framework 3.5 (3135985) | Important Security Feature Bypass | 3035487 in MS15-048 |
| Windows Server 2012 R2 | Microsoft .NET Framework 3.5 (3135991) | Important Security Feature Bypass | 3099864 in MS15-128 |
| Windows Server 2012 R2 | Microsoft .NET Framework 4.5.2 [1] (3135994) | Important Security Feature Bypass | 3032663 in MS15-048 |
| Windows Server 2012 R2 | Microsoft .NET Framework 4.6/4.6.1 [1] (3135998) | Important Security Feature Bypass | None |
| Windows RT 8.1 | | | |
| Windows RT 8.1 | Microsoft .NET Framework 4.5.2 [1][2] (3135994) | Important Security Feature Bypass | 3032663 in MS15-048 |
| Windows RT 8.1 | Microsoft .NET Framework 4.6/4.6.1 [1][2] (3135998) | Important Security Feature Bypass | None |
| Windows 10 | | | |
| Windows 10 for 32-bit Systems [3] (3140745) | Microsoft .NET Framework 3.5 | Important Security Feature Bypass | 3124266 |
| Windows 10 for 32-bit Systems [3] (3140745) | Microsoft .NET Framework 4.6/4.6.1 | Important Security Feature Bypass | 3124266 |
| Windows 10 for x64-based Systems [3] (3140745) | Microsoft .NET Framework 3.5 | Important Security Feature Bypass | 3124266 |
| Windows 10 for x64-based Systems [3] (3140745) | Microsoft .NET Framework 4.6/4.6.1 | Important Security Feature Bypass | 3124266 |
| Windows 10 Version 1511 for 32-bit Systems [3] (3140768) | Microsoft .NET Framework 3.5 | Important Security Feature Bypass | 3124263 |
| Windows 10 Version 1511 for 32-bit Systems [3] (3140768) | Microsoft .NET Framework 4.6.1 | Important Security Feature Bypass | 3124263 |
| Windows 10 Version 1511 for x64-based Systems [3] (3140768) | Microsoft .NET Framework 3.5 | Important Security Feature Bypass | 3124263 |
| Windows 10 Version 1511 for x64-based Systems [3] (3140768) | Microsoft .NET Framework 4.6.1 | Important Security Feature Bypass | 3124263 |
| Server Core installation option | | | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 3.5.1 (3135983) | Important Security Feature Bypass | 2863240 in MS13-082; 3032655 in MS15-048 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 3.5.1 (3135988) | Important Security Feature Bypass | 3099862 in MS12-025 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 4.5.2 [1] (3135996) | Important Security Feature Bypass | 3035490 in MS15-048 |
| Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 3.5 (3135984) | Important Security Feature Bypass | 2863243 in MS13-082; 3035486 in MS15-048 |
| Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 3.5 (3135989) | Important Security Feature Bypass | 2832418 in MS13-052; 3099863 in MS15-128 |
| Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.5.2 [1] (3135995) | Important Security Feature Bypass | 3035489 in MS15-048 |
| Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.6/4.6.1 [1] (3135997) | Important Security Feature Bypass | None |
| Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 3.5 (3135985) | Important Security Feature Bypass | 3035487 in MS15-048 |
| Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 3.5 (3135991) | Important Security Feature Bypass | 3099864 in MS15-128 |
| Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.5.2 [1] (3135994) | Important Security Feature Bypass | 3032663 in MS15-048 |
| Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.6/4.6.1 [1] (3135998) | Important Security Feature Bypass | None |

[1]For information about changes in support for .NET Framework 4.x, see Internet Explorer and .NET Framework 4.x Support Announcements.

[2]Windows RT 8.1 updates are available only via Windows Update.

[3]Windows 10 updates are cumulative. In addition to containing non-security updates, they also contain all of the security fixes for all of the Windows 10-affected vulnerabilities shipping with the monthly security release. The updates are available via the Microsoft Update Catalog.

Note Windows Server Technical Preview 4 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.

Why was this bulletin re-released on May 10, 2016? 
To address certain printing issues customers may have experienced after installing the security updates for Microsoft .NET Framework 4.5.2 or Microsoft .NET Framework 4.6/4.6.1, the updates for these versions of Microsoft .NET Framework have been re-released as follows:

  • The updates for Microsoft .NET Framework 4.5.2 have been re-released to Limited Distribution Release (LDR) customers only.
  • The updates for Microsoft .NET Framework 4.6/4.6.1 have been re-released to all customers.

Please note that these re-releases are available via Windows Update and the Microsoft Update Catalog.

| Security update | Operating System | Component |
|---|---|---|
| 3135996 | Windows Vista Service Pack 2 | Microsoft .NET Framework 4.5.2 |
| 3135996 | Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.5.2 |
| 3135996 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.5.2 |
| 3135996 | Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.5.2 |
| 3135996 | Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 |
| 3135996 | Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 |
| 3135996 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 |
| 3135996 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 4.5.2 |
| 3135995 | Windows Server 2012 | Microsoft .NET Framework 4.5.2 |
| 3135995 | Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.5.2 |
| 3135994 | Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.5.2 |
| 3135994 | Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.5.2 |
| 3135994 | Windows Server 2012 R2 | Microsoft .NET Framework 4.5.2 |
| 3135994 | Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.5.2 |
| 3135994 | Windows RT 8.1 | Microsoft .NET Framework 4.5.2 |
| 3136000 | Windows Vista Service Pack 2 | Microsoft .NET Framework 4.6 |
| 3136000 | Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.6 |
| 3136000 | Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.6 |
| 3136000 | Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.6 |
| 3136000 | Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 |
| 3136000 | Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 |
| 3136000 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 |
| 3135997 | Windows Server 2012 | Microsoft .NET Framework 4.6/4.6.1 |
| 3135997 | Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.6/4.6.1 |
| 3135998 | Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.6/4.6.1 |
| 3135998 | Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.6/4.6.1 |
| 3135998 | Windows Server 2012 R2 | Microsoft .NET Framework 4.6/4.6.1 |
| 3135998 | Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.6/4.6.1 |
| 3135998 | Windows RT 8.1 | Microsoft .NET Framework 4.6/4.6.1 |

How do I determine which version of the Microsoft .NET Framework is installed? 
You can install and run multiple versions of the .NET Framework on a system, and you can install the versions in any order. There are several ways to determine which versions of the .NET Framework are currently installed. For more information, see Microsoft Knowledge Base Article 318785.
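
One way to answer this from the registry, as an added example that is not part of the bulletin or of Microsoft's tooling: the script reads the .NET Framework setup keys and flags each installed version that appears in this bulletin's affected list. The registry paths and `Release` thresholds are Microsoft's documented values rather than values from this page, and the function names are hypothetical.

```powershell
# Added example, not Microsoft's code: report installed .NET Framework versions
# and whether each appears in this bulletin's list of affected versions.
$NdpRoot = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'

function Get-NdpValues([string]$SubKey) {
    # Returns the registry values of one setup key, or nothing if it is absent.
    $path = Join-Path $NdpRoot $SubKey
    if (Test-Path $path) { Get-ItemProperty -Path $path }
}

function Resolve-Net4Release([int]$Release) {
    # Minimum "Release" DWORD per 4.x version, as documented by Microsoft.
    # Windows 10 builds use the lower number of each pair, so -ge covers both.
    if     ($Release -ge 394802) { '4.6.2 or later' }
    elseif ($Release -ge 394254) { '4.6.1' }
    elseif ($Release -ge 393295) { '4.6' }
    elseif ($Release -ge 379893) { '4.5.2' }
    elseif ($Release -ge 378675) { '4.5.1' }
    else                         { '4.5' }
}

function Test-ListedInBulletin([string]$Version) {
    # Versions rated Important in MS16-035. "3.5.1" in the bulletin is the
    # 3.5 SP1 build that ships with Windows 7 and Windows Server 2008 R2.
    @('2.0 SP2', '3.0 SP2', '4.5.2', '4.6', '4.6.1') -contains $Version -or
        $Version -like '3.5*'
}

function Get-DotNetBulletinStatus {
    $versions = @()
    # 2.0, 3.0 and 3.5 install side by side; each key carries its own SP level.
    foreach ($key in 'v2.0.50727', 'v3.0', 'v3.5') {
        $values = Get-NdpValues $key
        if ($values) {
            $versions += '{0} SP{1}' -f $key.Substring(1, 3), [int]$values.SP
        }
    }
    # All 4.x versions are in-place updates of one another and share v4\Full.
    $full = Get-NdpValues 'v4\Full'
    if ($full -and $full.Release) {
        $versions += Resolve-Net4Release $full.Release
    } elseif ($full) {
        $versions += '4.0'   # no Release value: 4.0, which predates 4.5
    }
    foreach ($v in $versions) {
        New-Object PSObject -Property @{
            Version          = $v
            ListedInMS16_035 = Test-ListedInBulletin $v
        }
    }
}

Get-DotNetBulletinStatus | Format-Table Version, ListedInMS16_035 -AutoSize
```

A version reported as listed still needs the matching update from the Affected Software table for that operating system; the script identifies exposure by version only and does not check whether the update is installed.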

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Affected Software table for the software? 
Yes. Customers should apply all updates offered for the software installed on their systems.

Do I need to install these security updates in a particular sequence? 
No. Multiple updates for a given system can be applied in any sequence.

.NET XML Validation Security Feature Bypass - CVE-2016-0132

A security feature bypass vulnerability exists in a .NET Framework component that does not properly validate certain elements of a signed XML document. An attacker who successfully exploited the vulnerability could modify the contents of an XML file without invalidating the signature associated with the file. If a .NET application relies on the signature to be non-malicious, the behavior of the application could become unpredictable. In custom applications, the security impact depends on the specific usage scenario.

In a .NET application attack scenario, an attacker could modify the contents of an XML file without invalidating the signature associated with the file. The update addresses the vulnerability by correcting how the .NET Framework validates XML documents.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| .NET XML Validation Security Feature Bypass | CVE-2016-0132 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

  • V1.0 (March 8, 2016): Bulletin published.
  • V2.0 (May 10, 2016): Revised bulletin to announce the security updates for Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6/4.6.1 have been rereleased to address issues with certain printing scenarios. The rereleases are available via Windows Update and the Microsoft Update Catalog. Note that this re-release applies only to LDR (Limited Distribution Release) customers. GDR (General Distribution Release) customers are not affected. For more information about the specific security updates that were re-released, see the Update FAQs section of this bulletin (MS16-035).
  • V2.1 (May 18, 2016): Revised bulletin to clarify the distribution audience for the Microsoft .NET Framework 4.5.2 and Microsoft .NET Framework 4.6/4.6.1 security updates that were re-released on May 10, 2016, as follows: The security updates for Microsoft .NET Framework 4.5.2 have been re-released to Limited Distribution Release (LDR) customers only. The security updates for Microsoft .NET Framework 4.6/4.6.1 have been re-released to all customers.
  • V2.2 (July 13, 2016): Revised bulletin to inform customers that the 3135996 update has been refreshed. This is an informational notification only. Customers who have already successfully installed the update do not need to take any further action.
  • V2.3 (August 11, 2016): Revised bulletin to announce a detection change to correct an offering issue for 3135996. This is a detection change only. There were no changes to the update files. Customers who have already successfully installed the update do not need to take any action.
  • V2.4 (August 11, 2016): Clarification to rev note v2.3 - A newer version of update 3135996 was made available to all customers, not only Limited Distribution Release (LDR) customers. Some customers may have not been offered this latest version between 7/13/2016 and 8/11/2016. The last version of update 3135996 released on 8/11/2016 will bring customers to an up to date state.
  • V2.5 (October 11, 2016): Revised bulletin to announce the security updates 3135994 and 3135995 for Microsoft .NET Framework 4.5.2 on Windows Server 2012, Windows 8.1 and Windows Server 2012 R2 have been rereleased to the WSUS channel exclusively. This re-release does not apply to Windows Update or Microsoft Update Catalog customers. This re-release addresses an offering issue that prevented certain GDR customers within WSUS environments from receiving these updates if they had enabled the “automatically decline updates when a new revision causes them to expire” feature. There are no changes to the file payload. If customers have already successfully deployed updates 3135994 and 3135995, they do not need to take any action.
  • V2.6 (November 8, 2016): Revised bulletin to announce that a detection change was made to account for .NET Framework 4.6.1 hotfix rollup customers who were not being properly offered security updates applicable to .NET Framework 4.6.1.
Page generated 2016-11-28 12:58-08:00.