Martin Knafve

**Name of the Vulnerable Software and Affected Versions** ASP.NET versions prior to the fixed version ASP.NET Core versions 1.0 through 2.0 ASP.NET MVC version 5.2 **Description** A Security Feature Bypass issue exists due to the lack of validation for the number of incorrect login attempts. This issue does not specify the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For ASP.NET, update to a version that includes the fix for this issue. For ASP.NET Core versions 1.0 through 2.0, update to a version that includes the fix for this issue. For ASP.NET MVC version 5.2, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions 8.1, 10 Gold, 10 1511, 10 1607, and Windows Server versions 2012 R2, 2016 Windows RT 8.1 **Description** The issue is related to the DNS client in Microsoft Windows, which fails to properly process DNS queries. This allows remote attackers to obtain sensitive information by either convincing a workstation user to visit an untrusted webpage or tricking a server into sending a DNS query to a malicious DNS server. The vulnerability is associated with a lack of protection for service data. **Recommendations** For Microsoft Windows 8.1, update to a version that includes the fix for this issue. For Windows 10 Gold, 1511, and 1607, update to a version that includes the fix for this issue. For Windows Server 2012 R2 and 2016, update to a version that includes the fix for this issue. For Windows RT 8.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to untrusted web pages and limiting DNS queries to trusted servers until a patch is available.