In addition to the ASP.NET hash collision Denial of Service attack, Microsoft patches 3 more vulnerabilities resulting in an Aggregate Severity Rating that is Critical.
This is a summary of the vulnerabilities. Please read the full MS11-100 bulletin for more details and how to download and install the patches.
|Vulnerability Severity Rating||Maximum Security Impact||Affected Software||CVE ID|
|Important||Denial of Service||Collisions in HashTable May Cause DoS Vulnerability||CVE-2011-3414|
|N/A or Moderate||N/A or Spoofing||Insecure Redirect in .NET Form Authentication Vulnerability||CVE-2011-3415|
|Critical||Elevation of Privilege||ASP.Net Forms Authentication Bypass Vulnerability||CVE-2011-3416|
|Important||Elevation of Privilege||ASP.NET Forms Authentication Ticket Caching Vulnerability||CVE-2011-3417|
The CVE-2011-3415 is N/A in .NET 1.1, and Moderate in all other .NET versions.