From Shawn Farkas: "Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update. You can also download the service packs from the MSDN download center."
Here's a brief review of what's new for security in each service pack:
.NET 1.0 SP3 (v1.0.3705.6018) [download | complete changelist]
323683: NTLM authentication is lost on every call
321562: FIX: Role-based authentication fails for users who belong to many groups
and these security-related fixes that weren't from the CLR security team:
324488: Forms authentication and view state fail intermittently under heavy load
327132: FIX: PassportIdentity does not require secure PIN when security-enhanced authentication is requested
327523: Users can open Web pages without the correct NTFS permissions
.NET 1.1 SP1 (v1.1.4322.2032) [download | Windows 2003 download | complete changelist]
836989: FIX: A user receives a "security exception" error message while running user code that is based on the .NET Framework 1.1 in a partial trust environment
828295: FIX: Error Message: Security Exception: PermissionToken Index Does Not Match Index into m_unrestrictedPermSet
839289: FIX: The GC heap becomes corrupted when you use the .NET Framework System.Security.Cryptography.RSACryptoServiceProvider class