MS15-041 - Vulnerability in .NET Framework Could Allow Information Disclosure

Bulletin ID: 

MS15-041

Severity: 

Important

Description: 

Severity Rating: Important
Revision Note: V2.0 (May 12, 2015): V2.0 (May 12, 2015): Bulletin re-released to address issues with the 3037580 update for Microsoft .NET Framework 4.5/4.5.1/4.5.2 on affected editions of Microsoft Windows. Customers running these versions of .NET Framework are encouraged to install the new version of the 3037580 update to be protected from the vulnerability discussed in this bulletin. See Microsoft Knowledge Base Article 3037580 for more information.
Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploited the vulnerability would be able to view parts of a web configuration file, which could expose sensitive information.

Security advisory: