Microsoft Security Bulletin MS16-035 - Important
Security Update for .NET Framework to Address Security Feature Bypass (3141780)
Published: March 8, 2016 | Updated: November 8, 2016
Version: 2.6
Executive Summary
This security update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows. For more information, see the Affected Software section.
The update addresses the vulnerability by correcting how the .NET Framework validates XML documents. For more information about the vulnerability, see the Vulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3141780.
Affected Software and Vulnerability Severity Ratings
The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the March bulletin summary.
**Operating System** | **Component** | [**.NET XML Validation Security Feature Bypass - CVE-2016-0132**](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0132) | **Updates Replaced** |
**Windows Vista** | |||
Windows Vista Service Pack 2 | [Microsoft .NET Framework 2.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=f59111d4-a791-4377-9d07-47e45509f847) (3135982) | **Important** Security Feature Bypass | 2863253 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3035485 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Vista Service Pack 2 | [Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=9aaa4dca-7b0f-4fa1-b797-b0269bfb92cd) (3135987) | **Important** Security Feature Bypass | 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844) 3099860 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Vista Service Pack 2 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Vista Service Pack 2 | [Microsoft .NET Framework 4.6](https://www.microsoft.com/downloads/details.aspx?familyid=08d70c3e-0199-49c5-8479-601de222f2fb) [1] (3136000) | **Important** Security Feature Bypass | None |
Windows Vista x64 Edition Service Pack 2 | [Microsoft .NET Framework 2.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=f59111d4-a791-4377-9d07-47e45509f847) (3135982) | **Important** Security Feature Bypass | 2863253 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3035485 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Vista x64 Edition Service Pack 2 | [Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=9aaa4dca-7b0f-4fa1-b797-b0269bfb92cd) (3135987) | **Important** Security Feature Bypass | 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844) 3099860 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Vista x64 Edition Service Pack 2 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Vista x64 Edition Service Pack 2 | [Microsoft .NET Framework 4.6](https://www.microsoft.com/downloads/details.aspx?familyid=08d70c3e-0199-49c5-8479-601de222f2fb) [1] (3136000) | **Important** Security Feature Bypass | None |
**Windows Server 2008** | |||
Windows Server 2008 for 32-bit Systems Service Pack 2 | [Microsoft .NET Framework 2.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=f59111d4-a791-4377-9d07-47e45509f847) (3135982) | **Important** Security Feature Bypass | 2863253 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3035485 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2008 for 32-bit Systems Service Pack 2 | [Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=9aaa4dca-7b0f-4fa1-b797-b0269bfb92cd) (3135987) | **Important** Security Feature Bypass | 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844) 3099860 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2008 for 32-bit Systems Service Pack 2 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2008 for 32-bit Systems Service Pack 2 | [Microsoft .NET Framework 4.6](https://www.microsoft.com/downloads/details.aspx?familyid=08d70c3e-0199-49c5-8479-601de222f2fb) [1] (3136000) | **Important** Security Feature Bypass | None |
Windows Server 2008 for x64-based Systems Service Pack 2 | [Microsoft .NET Framework 2.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=f59111d4-a791-4377-9d07-47e45509f847) (3135982) | **Important** Security Feature Bypass | 2863253 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3035485 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2008 for x64-based Systems Service Pack 2 | [Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=9aaa4dca-7b0f-4fa1-b797-b0269bfb92cd) (3135987) | **Important** Security Feature Bypass | 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844) 3099860 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2008 for x64-based Systems Service Pack 2 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2008 for x64-based Systems Service Pack 2 | [Microsoft .NET Framework 4.6](https://www.microsoft.com/downloads/details.aspx?familyid=08d70c3e-0199-49c5-8479-601de222f2fb) [1] (3136000) | **Important** Security Feature Bypass | None |
Windows Server 2008 for Itanium-based Systems Service Pack 2 | [Microsoft .NET Framework 2.0 Service Pack 2](https://www.microsoft.com/downloads/details.aspx?familyid=f59111d4-a791-4377-9d07-47e45509f847) (3135982) | **Important** Security Feature Bypass | 2863253 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3035485 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
**Windows 7** | |||
Windows 7 for 32-bit Systems Service Pack 1 | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=5223b79d-1b6b-4d43-944d-78050fb298fa) (3135983) | **Important** Security Feature Bypass | 2863240 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3032655 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 7 for 32-bit Systems Service Pack 1 | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=34463fbf-825d-40b7-961c-0254a7a330e1) (3135988) | **Important** Security Feature Bypass | 3099862in [MS12-025](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows 7 for 32-bit Systems Service Pack 1 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 7 for 32-bit Systems Service Pack 1 | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=08d70c3e-0199-49c5-8479-601de222f2fb)[1] (3136000) | **Important** Security Feature Bypass | None |
Windows 7 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=5223b79d-1b6b-4d43-944d-78050fb298fa) (3135983) | **Important** Security Feature Bypass | 2863240 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3032655 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 7 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=34463fbf-825d-40b7-961c-0254a7a330e1) (3135988) | **Important** Security Feature Bypass | 3099862in [MS12-025](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows 7 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 7 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=08d70c3e-0199-49c5-8479-601de222f2fb)[1] (3136000) | **Important** Security Feature Bypass | None |
**Windows Server 2008 R2** | |||
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=5223b79d-1b6b-4d43-944d-78050fb298fa) (3135983) | **Important** Security Feature Bypass | 2863240 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3032655 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=34463fbf-825d-40b7-961c-0254a7a330e1) (3135988) | **Important** Security Feature Bypass | 3099862in [MS12-025](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=08d70c3e-0199-49c5-8479-601de222f2fb)[1] (3136000) | **Important** Security Feature Bypass | None |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=5223b79d-1b6b-4d43-944d-78050fb298fa) (3135983) | **Important** Security Feature Bypass | 2863240 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3032655 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
**Windows 8.1** | |||
Windows 8.1 for 32-bit Systems | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=4e78bfa5-2d25-4f69-b714-c8956f7af698) (3135985) | **Important** Security Feature Bypass | 3035487 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 8.1 for 32-bit Systems | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=cabdd7b6-0c4f-431a-9748-90179bb2b119) (3135991) | **Important** Security Feature Bypass | 3099864 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows 8.1 for 32-bit Systems | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=7b086e0b-71c1-4cd6-b143-f6f0d5e64867)[1] (3135994) | **Important** Security Feature Bypass | 3032663 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 8.1 for 32-bit Systems | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=b842bf4d-06fb-4645-b7b2-b3b2c293fc50)[1] (3135998) | **Important** Security Feature Bypass | None |
Windows 8.1 for x64-based Systems | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=4e78bfa5-2d25-4f69-b714-c8956f7af698) (3135985) | **Important** Security Feature Bypass | 3035487 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 8.1 for x64-based Systems | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=cabdd7b6-0c4f-431a-9748-90179bb2b119) (3135991) | **Important** Security Feature Bypass | 3099864 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows 8.1 for x64-based Systems | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=7b086e0b-71c1-4cd6-b143-f6f0d5e64867)[1] (3135994) | **Important** Security Feature Bypass | 3032663 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows 8.1 for x64-based Systems | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=b842bf4d-06fb-4645-b7b2-b3b2c293fc50)[1] (3135998) | **Important** Security Feature Bypass | None |
**Windows Server 2012 and Windows Server 2012 R2** | |||
Windows Server 2012 | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=030688ed-7d28-466c-affb-d53d64ca08e8) (3135984) | **Important** Security Feature Bypass | 2863243 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3035486 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=a6da83f7-86aa-4510-8b4e-171f9f1a2f5f) (3135989) | **Important** Security Feature Bypass | 2832418 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844) 3099863 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2012 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=35d878df-03df-49e1-aa3b-705bcb603546)[1] (3135995) | **Important** Security Feature Bypass | 3035489 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=ba5f9b40-6c85-428d-9a0d-56e5e8789462)[1] (3135997) | **Important** Security Feature Bypass | None |
Windows Server 2012 R2 | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=4e78bfa5-2d25-4f69-b714-c8956f7af698) (3135985) | **Important** Security Feature Bypass | 3035487 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 R2 | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=cabdd7b6-0c4f-431a-9748-90179bb2b119) (3135991) | **Important** Security Feature Bypass | 3099864 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2012 R2 | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=7b086e0b-71c1-4cd6-b143-f6f0d5e64867)[1] (3135994) | **Important** Security Feature Bypass | 3032663 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 R2 | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=b842bf4d-06fb-4645-b7b2-b3b2c293fc50)[1] (3135998) | **Important** Security Feature Bypass | None |
**Windows RT 8.1** | |||
Windows RT 8.1 | Microsoft .NET Framework 4.5.2[1][2] (3135994) | **Important** Security Feature Bypass | 3032663 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows RT 8.1 | Microsoft .NET Framework 4.6/4.6.1[1][2] (3135998) | **Important** Security Feature Bypass | None |
**Windows 10** | |||
[Windows 10 for 32-bit Systems](https://support.microsoft.com/kb/3140745)[3] (3140745) | Microsoft .NET Framework 3.5 | **Important** Security Feature Bypass | [3124266](https://support.microsoft.com/kb/3124266) |
[Windows 10 for 32-bit Systems](https://support.microsoft.com/kb/3140745)[3] (3140745) | Microsoft .NET Framework 4.6/4.6.1 | **Important** Security Feature Bypass | [3124266](https://support.microsoft.com/kb/3124266) |
[Windows 10 for x64-based Systems](https://support.microsoft.com/kb/3140745)[3] (3140745) | Microsoft .NET Framework 3.5 | **Important** Security Feature Bypass | [3124266](https://support.microsoft.com/kb/3124266) |
[Windows 10 for x64-based Systems](https://support.microsoft.com/kb/3140745)[3] (3140745) | Microsoft .NET Framework 4.6/4.6.1 | **Important** Security Feature Bypass | [3124266](https://support.microsoft.com/kb/3124266) |
[Windows 10 Version 1511 for 32-bit Systems](https://support.microsoft.com/kb/3140768)[3] (3140768) | Microsoft .NET Framework 3.5 | **Important** Security Feature Bypass | [3124263](https://support.microsoft.com/kb/3124263) |
[Windows 10 Version 1511 for 32-bit Systems](https://support.microsoft.com/kb/3140768)[3] (3140768) | Microsoft .NET Framework 4.6.1 | **Important** Security Feature Bypass | [3124263](https://support.microsoft.com/kb/3124263) |
[Windows 10 Version 1511 for x64-based Systems](https://support.microsoft.com/kb/3140768)[3] (3140768) | Microsoft .NET Framework 3.5 | **Important** Security Feature Bypass | [3124263](https://support.microsoft.com/kb/3124263) |
[Windows 10 Version 1511 for x64-based Systems](https://support.microsoft.com/kb/3140768)[3] (3140768) | Microsoft .NET Framework 4.6.1 | **Important** Security Feature Bypass | [3124263](https://support.microsoft.com/kb/3124263) |
**Server Core installation option** | |||
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=5223b79d-1b6b-4d43-944d-78050fb298fa) (3135983) | **Important** Security Feature Bypass | 2863240 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3032655 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | [Microsoft .NET Framework 3.5.1](https://www.microsoft.com/downloads/details.aspx?familyid=34463fbf-825d-40b7-961c-0254a7a330e1) (3135988) | **Important** Security Feature Bypass | 3099862in [MS12-025](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=f626907d-517f-4b46-8069-1b25cc57dc25)[1] (3135996) | **Important** Security Feature Bypass | 3035490 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 (Server Core installation) | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=030688ed-7d28-466c-affb-d53d64ca08e8) (3135984) | **Important** Security Feature Bypass | 2863243 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048) 3035486 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 (Server Core installation) | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=a6da83f7-86aa-4510-8b4e-171f9f1a2f5f) (3135989) | **Important** Security Feature Bypass | 2832418 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844) 3099863 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2012 (Server Core installation) | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=35d878df-03df-49e1-aa3b-705bcb603546)[1] (3135995) | **Important** Security Feature Bypass | 3035489 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 (Server Core installation) | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=ba5f9b40-6c85-428d-9a0d-56e5e8789462)[1] (3135997) | **Important** Security Feature Bypass | None |
Windows Server 2012 R2 (Server Core installation) | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=4e78bfa5-2d25-4f69-b714-c8956f7af698) (3135985) | **Important** Security Feature Bypass | 3035487 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 R2 (Server Core installation) | [Microsoft .NET Framework 3.5](https://www.microsoft.com/downloads/details.aspx?familyid=cabdd7b6-0c4f-431a-9748-90179bb2b119) (3135991) | **Important** Security Feature Bypass | 3099864 in [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) |
Windows Server 2012 R2 (Server Core installation) | [Microsoft .NET Framework 4.5.2](https://www.microsoft.com/downloads/details.aspx?familyid=7b086e0b-71c1-4cd6-b143-f6f0d5e64867)[1] (3135994) | **Important** Security Feature Bypass | 3032663 in [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) |
Windows Server 2012 R2 (Server Core installation) | [Microsoft .NET Framework 4.6/4.6.1](https://www.microsoft.com/downloads/details.aspx?familyid=b842bf4d-06fb-4645-b7b2-b3b2c293fc50)[1] (3135998) | **Important** Security Feature Bypass | None |
[2]Windows RT 8.1 updates are available only via Windows Update.
[3]Windows 10 updates are cumulative. In addition to containing non-security updates, they also contain all of the security fixes for all of the Windows 10-affected vulnerabilities shipping with the monthly security release. The updates are available via the Microsoft Update Catalog.
Note Windows Server Technical Preview 4 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.
Update FAQs
Why was this bulletin re-released on May 10, 2016?
To address certain printing issues customers may have experienced after installing the security updates for Microsoft .NET Framework 4.5.2 or Microsoft .NET Framework 4.6/4.6.1, the updates for these versions of Microsoft .NET Framework have been re-released as follows:
- The updates for Microsoft .NET Framework 4.5.2 have been re-released to Limited Distribution Release (LDR) customers only.
- The updates for Microsoft .NET Framework 4.6/4.6.1 have been re-released to all customers.
Please note that these re-releases are available via Windows Update and the Microsoft Update Catalog.
Security update | Operating System | Component |
3135996 | Windows Vista Service Pack 2 | Microsoft .NET Framework 4.5.2 |
Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.5.2 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.5.2 | |
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.5.2 | |
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 | |
Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.5.2 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Microsoft .NET Framework 4.5.2 | |
3135995 | Windows Server 2012 | Microsoft .NET Framework 4.5.2 |
Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.5.2 | |
3135994 | Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.5.2 |
Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.5.2 | |
Windows Server 2012 R2 | Microsoft .NET Framework 4.5.2 | |
Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.5.2 | |
Windows RT 8.1 | Microsoft .NET Framework 4.5.2 | |
3136000 | Windows Vista Service Pack 2 | Microsoft .NET Framework 4.6 |
Windows Vista x64 Edition Service Pack 2 | Microsoft .NET Framework 4.6 | |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Microsoft .NET Framework 4.6 | |
Windows Server 2008 for x64-based Systems Service Pack 2 | Microsoft .NET Framework 4.6 | |
Windows 7 for 32-bit Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 | |
Windows 7 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Microsoft .NET Framework 4.6/4.6.1 | |
3135997 | Windows Server 2012 | Microsoft .NET Framework 4.6/4.6.1 |
Windows Server 2012 (Server Core installation) | Microsoft .NET Framework 4.6/4.6.1 | |
3135998 | Windows 8.1 for 32-bit Systems | Microsoft .NET Framework 4.6/4.6.1 |
Windows 8.1 for x64-based Systems | Microsoft .NET Framework 4.6/4.6.1 | |
Windows Server 2012 R2 | Microsoft .NET Framework 4.6/4.6.1 | |
Windows Server 2012 R2 (Server Core installation) | Microsoft .NET Framework 4.6/4.6.1 | |
Windows RT 8.1 | Microsoft .NET Framework 4.6/4.6.1 |
Vulnerability title | CVE number | Publicly disclosed | Exploited |
.NET XML Validation Security Feature Bypass | CVE-2016-0132 | No | No |