A vulnerability in the Microsoft .NET Framework was discovered during a routine security conference on December 28, 2011. The vulnerability allows an attacker to gain unauthorized access to any application using the .NET Framework, including partner-hosted Microsoft Dynamics CRM, on-premise Microsoft Dynamics CRM, and Microsoft Dynamics CRM Online.
Microsoft released a security update the next day, fixing this vulnerability and three privately-reported vulnerabilities.
The security update is available for automatic download and installation through Windows Update. We recommend our readers use Windows Update and either search for updates manually or enable automatic updates.
The security update is also available for download on Microsoft security bulletin MS11-100.
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 4
Affected Operating System:
Windows Server 2003
Windows Server 2008