This host is missing a critical security update according to Microsoft Bulletin MS11-100.

Successful exploitation could allow attacker to cause a denial of service, conduct spoofing attacks or bypass certain security restrictions. Impact Level: System/Application

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-100

- An error within ASP.NET when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in a HTTP POST request. - Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL. - The Forms Authentication feature in the ASP.NET subsystem allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username. - The Forms Authentication feature in the ASP.NET subsystem when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL.

Microsoft .NET Framework 4 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 1.1 Service Pack 1

• http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx
• http://secunia.com/advisories/47323
• http://technet.microsoft.com/en-us/security/bulletin/ms11-100
• http://www.kb.cert.org/vuls/id/903934
• http://www.nruns.com/_downloads/advisory28122011.pdf
• http://www.ocert.org/advisories/ocert-2011-003.html

---

Updated on 2015-03-25