In addition to the ASP.NET hash collision Denial of Service attack, Microsoft patches 3 more vulnerabilities resulting in an Aggregate Severity Rating that is Critical.
This is a summary of the vulnerabilities. Please read the full MS11-100 bulletin for more details and how to download and install the patches.
Vulnerability Severity Rating | Maximum Security Impact | Affected Software | CVE ID |
Important | Denial of Service | Collisions in HashTable May Cause DoS Vulnerability | CVE-2011-3414 |
N/A or Moderate | N/A or Spoofing | Insecure Redirect in .NET Form Authentication Vulnerability | CVE-2011-3415 |
Critical | Elevation of Privilege | ASP.Net Forms Authentication Bypass Vulnerability | CVE-2011-3416 |
Important | Elevation of Privilege | ASP.NET Forms Authentication Ticket Caching Vulnerability | CVE-2011-3417 |
The CVE-2011-3415 is N/A in .NET 1.1, and Moderate in all other .NET versions.
–jeroen