Need a system/security patch

Similar Messages

• Applying security patch to Oracle 10G on Linux

  Hello,
  I'm new to Oracle DBA world, need to apply security patch to Oracle 10G on Linux server, any tips and notes would be appreciated.
  thanks
  Sam

  Manish,
  1. I have to upgrade the database version from 10.2.0.2 to 10.2.0.4 on Linux, Is there any proper documentation which will help me out?Please refer to the following document.
  Note: 454750.1 - Oracle Apps Release 12 with Oracle Database 10.2.0 interoperability notes
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=454750.1
  2. What are the types of oracle database patches? what is the proper procedure to apply those kind of patches to Oracle 10g on Linux?
  Most of the patches in this upgrade are database patches (which should be applied using opatch). The main upgrade patch (Patch 6810189 - 10.2.0.4 patch set) should be applied using Oracle Universal Installer (runInstaller).
  Always follow the steps in the patch README file before applying any patch.
  Regards,
  Hussein

• Your system is missing a critical Windows security patch (MS12-020) required to gain access to this system

  Hi,
  I am trying to install VPN Client from my client site. While installing i am facing the below error.
  Your system is missing a critical Windows security patch (MS12-020) required to gain access to this system. Use the link below for more information on installation, or open Windows Update and install all available critical updates. When you're finished updating
  your system, log out and try again. If you're still having problems, contact your system administrator.
  http://support.microsoft.com/kb/2621440
  I went through all the related sites but still i did not find any solution. Under Windows installed updates i could see the security update for Microsoft windows (KB2621440). If its already exist why it is not taking this security patch? 
  Kindly guide.
  Best Regards,
  Yadav Kankanwadi

  Hi,
  Based on Microsoft Security Bulletin MS12-020, this security update resolves two privately reported vulnerabilities:
  KB2621440 and KB2667402.
  http://technet.microsoft.com/en-US/security/bulletin/ms12-020
  Thanks!
  Andy Altmann
  TechNet Community Support

• Security patch MS11-049 needed for sql 2008 R2 SP2

  My Database engine version is:
  SQL
  Server 2008 R2(SP2)
  - 10.50.4260.0(X64)  
  Jul 11 2012 15:47:13  
  Copyright(c)
  Microsoft Corporation  Enterprise Edition(64-bit)
  on
  Windows NT 6.1
  <X64>(Build
  7601:
  Service Pack 1)(Hypervisor)
  According to KB2494086 this security patch is applicable for  SQL Server 2008 R2 RTM. Does this vulnerability addressed in SQL 2008 R2 Service Pack 2?
  Thanks,
  TRouf

  Hello,
  That update was already part of SP1 and it is part of SP2 too.
  Hope this helps.
  Regards,
  Alberto Morillo
  SQLCoffee.com

• Upgrading Snow Leopard for security patch

  I have a Macbook Pro with Snow Leopard.  Can it be upgraded to Mavericks or Lion?  The most recent security patch does not seem to available for my system.  Thanks

  Snow Leopard wasn't affected by the latest security flaw so no update was needed. You need to check to make sure your system can run Mavericks before upgrading.
  OS X Mavericks: System Requirements
  Learn about the system requirements for OS X Mavericks.
  To install Mavericks, you need one of these Macs:
  iMac (Mid-2007 or later)
  MacBook (13-inch Aluminum, Late 2008), (13-inch, Early 2009 or later)
  MacBook Pro (13-inch, Mid-2009 or later),
  MacBook Pro (15-inch or 17-inch, Mid/Late 2007 or later)
  MacBook Air (Late 2008 or later)
  Mac mini (Early 2009 or later)
  Mac Pro (Early 2008 or later)
  Xserve (Early 2009)
  Your Mac also needs:
  OS X Mountain Lion, Lion, or Snow Leopard v10.6.8 already installed
  2 GB or more of memory
  8 GB or more of available space

• Since the latest security patch (ML), I'm getting choppy video across my entire MacBook

  MacBook Pro (2012)
  2.9 GHz Intel Core i7
  8GB Ram
  Everything was fine until a few weeks ago... after installing the latest security patch for ML, video playback - downloaded and streamed - will briefly pause and/or choppy. I thought the problem was resolved w/ Yosemite, but no such luck. I'm assuming it's a systemic issue... though where to begin?
  I'm not that tech savy, and may need to bring this in for a look-see. Any tips on where to go from here?
  Thanks

  Put me on the list as a supportor of the action. I imagine there are going to be many others with the similar complaint, this Co. has been cacheing my old accounts & poping them up every now & then, just to try & use up or do away with my credits.
  hhays. 
  [Mod edit: Please do not include personal/private information when making a public post. Thanks!]
  [e-mail removed for privacy and security]

• The security patches of WebLogic are intended for PeopleSoft WLS version?

  Hi, I need to apply some security patches for a WebLogic 8.1 SP2 environment. But I don't know if BEA supports the PeopleSoft WLS version or PeopleSoft release its own security patches.
  Someone knows about this?

  BEA has provided several security advisory patch sets to PeopleSoft, which they apparently test in their labs and then redistribute to PeopleSoft users. It is difficult for me to determine whether the patch you are referring to contains all of the BEA security releases for WLS 8.1 SP2.
  I recommend that you contact PeopleSoft and ask for their advice. If possible, I would also recommend that you consider upgrading your WLS version instead of applying a temporary patch, subject to the limitations of what PeopleSoft will support.
  My final bit of advice would be to make sure your vendor (PeopleSoft) has tested any patch before you apply it to a production system.
  Cheers!

• IPad2 Version 5.1.1 & new security patch

  I have an Ipad 2 with version 5.,1.1 that I have never updated.   I have updated my Iphone to i0S 7  system ND i HATE IT!  soI do not want to update my Ipad. I know it limits me in some ways but the new upgrade on my iphone has me wanting to now no longer have an iphone I dislike it so much. If I could revert it back I certainly would.
  For my Ipad 2 then with my current 5.1.1  version....I want to know:
  -since I am using 5.1.1 do I still need to add the patch?  or am I ok security wise or not?
  -if I add the patch will it automatically update my Ipad to i0S 7?
  -do I have a choice here & still can remain secure?
  Also...I have a personal hotspot that I use if I am in public places.
  thanks

  Your choices are to keep it at 5.1.1 and take the risk or update it to iOS7 and get the patch
  Any device that is eligible for iOS7 will be updated to iOS7 and the only devices that can get the iOS6 patch are the iTouch 4 and iPhone 3.
  Ultimately it's your choice, security risk or update your iOS

• Vulnerability/security patch management

  I'm looking for the best way to manage SAP security patches and vulnerabilities. We have to do a monthly assessment of the newly released vulnerabilities from SAP and determine if they relate to our systems. I'm having a hard time finding a good place to get a list of recently released notes.
  I found https://websmp210.sap-ag.de/security - click on Security Notes, but the list doesn't appear to list everything, and doesn't show what is new or updated from month to month. This creates a lot of manual work looking at each note every month.
  Does anyone know of any tools that can help with this. I'm looking for something like what Microsoft does with it's monthly security updates, and ideally a tool like WSUS that can analyze the systems to determine if they require the patch or not.

  Hello Jeff,
  Very good question! I have very often thought about this, and how I would like to have the information communicated to me without it being communicated to anyone else...
  Specifically regarding the security notes page, I have observed that the notes are added to the list at the top. However, the release date of the note, an update to the version of the note, nor a related note does not bump it to the top again nor influence the specific order.
  Certainly, the notes which are listed there are important ones (as indicated by Keerti)... or the principle is... some components are worth keeping an eye on, particularly if you use them or they are new.
  Alone the fact that they are published for all OSS users and additionally on that (security) page, should be reason enough to think seriously about implementing it or considering it in your own developments... If you look at some of them, you might also see they are corrections which enable security controls, so regarding your patch management I can also recommend that you differentiate between your "program error patching cycle", and your "correction and activation instruction cycle". Of course, some notes are not intrusive on customers who do not require the correction or are oblivious to it.... so you can patch until the cows come home... it will not help you until you activate the new security feature or change your technique... User types are an example of this.
  In some special cases, you need to have found the problem, before you are able to activate a solution for it. Sometimes you have to use the potentially problematic feature (setting up customizing or settings for it, and assigning authorizations to use it...) at which point the system will point things out to you. In other cases, the system will hassle you to change it for many reasons, not only the security reason.
  It makes sense to restrict authorizations and settings to only that which you use. That helps a lot. See various threads here on transaction SU24 for some examples from the authorizations aspect of security.
  Another tricky aspect is, once someone has a patch installed in their system or a security researcher has found a bug... should they make statements about it in the internet (followed by Smiley's :-)...? Often, a 90 day grace-period for admins is observed.
  If you stick around here at SDN and read some of the posts here carefully, then you can also learn a lot in a relatively short space of time, on an ongoing sort of distributed space of time....
  Reading the security wiki's and guides are also very helpfull of course.
  Risk rating can also be tricky. You might find that if your security analysts are all security or authorization admins, then they might prefer to go for program corrections rather than role changes... or concept changes... Management might even resist changes, for fear of them, their costs, etc.
  Regarding analyzing your systems, you might want to consider a "Security Optimization Service" session. You can also download this and maintain your own additional checks. That requires a small additional effort and cost. You can find more information on it by searching "OSS" and service.sap.com/security. In a 1 day or more detailed session if you want, you can cover many risks with a relatively low effort.
  I have participated in two of these (we requested them) and it was helpfull. I also provided some feedback to SAP suggesting checks and some risks. My take on it is: If we contribute to improving standard solutions (and reporting bugs), then we all benefit from it "for free" in the standard products.
  Last but not least, there is monitoring. You can learn a lot from the various monitoring possibilities (check your legal requirements for security there as well).
  Some thoughts from me for your interesting question,
  Julius

• Can't access safe mode to delete System Security fake anti virus virus. HELP.

  Hi, our SL500 has become infected with "System Security" fake anti virus software. We have tracked down how to remove it.
  http://www.geekstogo.com/forum/system-security-malware-t222291.html
  However when we get to the "reboot your computer in safe mode" (see instructions below) we can't as this is not possible.
  We have tried F8...........Repeatedly . And also  Run->msconfig->BOOT.INI->/SAFEBOOT . But to no avail . Actually we get a pop up stating that Windows  can not find said command and have we typed it in correctly . Please could some one help us as this is driving us insane . One last thing . A computer WITHOUT a "safe mode " option, isn't that kinda of unsafe and a tad.....
  Thanks in advance.  
  Instructions for malware removal. 
  You will need to print out a copy of these instructions, or save them to NotePad and put a shortcut to the file on the desktop so that you can refer to while you complete this procedure as you will be required to boot into Safe Mode where you wont have internet access.
  Please download ATF Cleaner by Atribune.
  Caution: This program is for Windows 2000, XP and Vista only
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  If you use Firefox browser
  Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  If you use Opera browser
  Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  Click Exit on the Main menu to close the program.
  Run MBAM again, only this time perform a full scan and post the log.
  Please click here to download AVP Tool by Kaspersky.
  Save it to your desktop.
  Reboot your computer into SafeMode.
  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.
  Double click the setup file to run it.
  Click Next to continue.
  It will by default install it to your desktop folder.Click Next.
  Hit ok at the prompt for scanning in Safe Mode.
  It will then open a box There will be a tab that says Automatic scan.
  Under Automatic scan make sure these are checked.
  System Memory
  Startup Objects
  Disk Boot Sectors.
  My Computer.
  Also any other drives (Removable that you may have)
  After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
  Then choose OK again then you are back to the main screen.
  Then click on Scan at the to right hand Corner.
  It will automatically Neutralize any objects found.
  If some objects are left un-neutralized then click the button that says Neutralize all
  If it says it cannot be Neutralized then chooose The delete option when prompted.
  After that is done click on the reports button at the bottom and save it to file name it Kas.
  Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  Note: This tool will self uninstall when you close it so please save the log before closing it.
  In your next reply I would like to see:
  C:\RSIT\info.txt
  MBAM log
  Kaspersky AVP scan results
  Also let me know how the computer is behaving. 
  This post has been edited by Octagonal: Dec 27 2008, 08:08 AM 

  Thanks for trying to help. Sadly, I followed the instructions and it rebooted to the blue screen again.
  It's going to have to go to Apple for repairs now. I'm out of options.
  I am wondering how much easier it would have been if I'd created a time machine restore point. I got what I deserved for failing to do that, but I'm doubtful even that would have worked in this case. It does seem to be because of that piece of widely reported malware that didn't want to leave without causing damage.
  The most frustrating aspect is the safe boot. I get to the desktop but without any menu, finder or dock. It seems to be similar to the problem below...
  http://www.macsmarts.com/?p=109
  But that's for Tiger. I tried that to no effect.
  Like I said, it's going to have to go to Apple now because I've done so many things I don't know if I'm just digging myself a deeper hole.
  Thanks again for offering help.

• Hi, I don't know how to find a specific security patch to apply to my Oracle database version to fix a vulnerability

  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help

  2835604 wrote:
  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help
  that sounds like the "tns poison" vulnerability.  CVE 2012-1675 - Oracle Security Alert CVE-2012-1675
  See MOS note 134083.1  and 1453883.1

• Oracle Security Patch Error while applying --The filename, directory name,

  Hello,
  I am running into strange error while applying Oracle Security Patch 68 by using Opatch.
  Supposedly, All the environment variables are set properly.
  ACTIVE_STATE_PERL=true
  DBMS_TYPE=ORA
  dbs_ora_tnsname=YBQ
  JAVA_HOME=C:\jdk1.3.1_10
  OPATCH_DEBUG=TRUE
  ORACLE_HOME=E:\oracle\ora92
  ORACLE_SID=YBQ
  Path=E:\oracle\OPatch;C:\jdk1.3.1_10\bin;E:\oracle\Perl\bin;E:\oracle\ora92\jre\1.4.2\bin\client;E:\oracle\ora92\jre\1.4.2\bin;E:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\VERITAS Shared;\NetBackup\bin;C:\Program Files\Windows Resource Kits\Tools\;C:\Program Files\Support Tools\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;E:\usr\sap\YBQ\SYS\exe\run
  Installed Active Perl. latest version
  downloaded Opatch 1.0.0.50
  and the patch number 3738339
  I went to that directory and run the command :
  perl opatch.pl apply
  It started of well.
  OPatch version is: 1.0.0.0.50
  Using ORACLE_HOME/oui to look up oui libs...
  Oracle Home = E:\oracle\ora92
  Location of Oracle Inventory = E:\oracle\ora92\inventory
  Oracle Universal Installer shared library = E:\oracle\ora92\oui\lib\win32\oraInstaller.dll
  Path to Java = "E:\oracle\ora92\jre\1.4.2\bin\java.exe"
  Location of Oracle Inventory Pointer = N/A
  Location of Oracle Universal Installer components = E:\oracle\ora92\oui
  Required Jar File under Oracle Universal Installer = jlib\OraInstaller.jar
  find under OH/oui/jlib
  found OraInstaller.jar
  Checking if this is a RAC system...
  Accessing inventory... This may take up to 300 seconds.
  (retry 10 times, delay 30 seconds each time)
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;.:E:\oracle\ora92\jlib\srvm.jar" opatch/O2O "e:\oracle\ora92" "E:\oracle\ora92\oui" opatch.pl 1.0.0.0.50"
  Result:
  ----- DEBUG is ON -------
  oracle.installer.startup_location will be set to E:\oracle\ora92\oui
  oracle.installer.oui_loc will be set to E:\oracle\ora92\oui
  oracle.installer.scratchPath will be set to /tmp
  opatch.local_node_only is OFF
  retryOption is ON: 10
  delayOption is ON: 30
  Few more stuff here .. not pasting the entire contents
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;." opatch/CheckConflict "E:\oracle\ora92\oui" "e:\oracle\ora92" opatch.pl 1.0.0.0.50 3738339 "3741539 3528282 3516951 3622875 3668572 3371796 3239873 3356103 3543125 3666502 2800494 2824035 2964252 3617042 3320622 3571233 3253770 3492040 3566469 3354470 3625370 3583686 3150750 3617519 3635177 3597640 3749394 3542588 3698501 2954891 2918138 3559212 3518909 3412818 3430832 3172282 3358490 3637624 3458446 3179637 2810394 3668224 3609791 3566813 3475932 2338704 3412136 3388633 3540576 3571226 3575743 2690205 3240280 3509265 3177513 3575747 3811906 3554319 3752406 3323435 " E:\3738339\etc\config\actions"
  Result:
  opatch.pl version: 1.0.0.0.50
  Copyright (c) 2001-2004 Oracle Corporation. All Rights Reserved.
  The filename, directory name, or volume label syntax is incorrect.
  Error in executing Java program to check conflict
  ERROR: OPatch failed during pre-reqs check.
  Now there is no problem with executing the last java program in the same prompt by removing the first and the last double quote "
  Please advise.
  Thanks in advance.

  hi somnath,
  this is the portal content management forum. for your database question please use the database forums:
  http://forums.oracle.com/forums/index.jsp?cat=18
  thanks,
  christian

• WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

  I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
  This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
  server is configured on http port 80 
  ERROR
  Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
  according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
  I've checked proxy server connectivity. I'm able browse following site from WSUS server
  http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
  I did telnet proxy server on the particular port (8080) and that is also fine.
  I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
  Any tips appreciated !
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

  Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
  Your reply  ("SSL is enabled/configured, and the certificate being used is invalid
  (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
  I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
  My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
  proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
  Any other hints where I can prove them it's a sure shot problem from their side.
  Thanks again !!
  Anoop C Nair (My Blog www.AnoopCNair.com)
  - Twitter @anoopmannur -
  FaceBook Forum For SCCM

• System.Security.VerificationException: Operation could destabilize the runtime during code coverage run in visual studio

  I have a unit test that basically does the following:
  Creates an app domain using minimum priviledges.  The MarshalByRefObject that is living in the app domain, loads another assembly to execute.  This new assembly basically takes in a data object defined in a separate assembly, and returns a
  new data object of that type.
  All this works fine in debug mode, or when running w/out code coverage.  The Sandbox assembly is signed.
  The exception that gets thrown is this:
  Test method TestProject1.UnitTest1.TestMethod1 threw exception:
  System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.VerificationException: Operation could destabilize the runtime.
  ClassLibrary3.Bar..ctor()
  ClassLibrary2.Foo.TestMethod(Bar testBar)
  System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
  System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
  System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
  System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
  ClassLibrary1.RemoteSandBox.Execute(String assemblyPath, String scriptType, String method, Object[] parameters)
  ClassLibrary1.RemoteSandBox.Execute(String assemblyPath, String scriptType, String method, Object[] parameters)
  ClassLibrary1.SandBox.Execute(String assemblyPath, String scriptType, String method, Object[] parameters) in c:\users\la22426\documents\visual studio 2010\Projects\TestProject1\ClassLibrary1\Sandbox.cs: line 43
  TestProject1.UnitTest1.TestMethod1() in c:\users\la22426\documents\visual studio 2010\Projects\TestProject1\TestProject1\UnitTest1.cs: line 21
  Unit Test code:
  [TestClass]
  public class UnitTest1
  [TestMethod]
  public void TestMethod1()
  using (SandBox sandbox = new SandBox())
  string assemblyLocation = Path.Combine(Environment.CurrentDirectory, @"..\..\..\ClassLibrary2\bin\Debug\ClassLibrary2.dll");
  object result = sandbox.Execute(assemblyLocation, "ClassLibrary2.Foo", "TestMethod", new Bar() { X = "test" });
  Assert.IsNotNull(result);
  Data Object code:
  namespace ClassLibrary3
  [Serializable]
  public class Bar
  public Bar() { }
  public string X { get; set; }
  Assembly to execute code:
  namespace ClassLibrary2
  public class Foo
  public Bar TestMethod(Bar testBar)
  return new Bar() { X = testBar.X };
  Sandbox code:
  namespace ClassLibrary1
  public class SandBox : IDisposable
  AppDomain Domain { get; set; }
  RemoteSandBox RemoteSandBox { get; set; }
  public SandBox()
  var setup = new AppDomainSetup()
  ApplicationBase = AppDomain.CurrentDomain.BaseDirectory,
  ApplicationName = Guid.NewGuid().ToString(),
  DisallowBindingRedirects = true,
  DisallowCodeDownload = true,
  DisallowPublisherPolicy = true,
  //DisallowApplicationBaseProbing = true,
  var permissions = new PermissionSet(PermissionState.None);
  permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
  permissions.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
  this.Domain = AppDomain.CreateDomain(setup.ApplicationName, null, setup, permissions,
  typeof(RemoteSandBox).Assembly.Evidence.GetHostEvidence<StrongName>());
  this.RemoteSandBox = (RemoteSandBox)Activator.CreateInstanceFrom(this.Domain, typeof(RemoteSandBox).Assembly.ManifestModule.FullyQualifiedName, typeof(RemoteSandBox).FullName).Unwrap();
  public object Execute(string assemblyPath, string scriptType, string method, params object[] parameters)
  return this.RemoteSandBox.Execute(assemblyPath, scriptType, method, parameters);
  public void Dispose()
  if (this.Domain != null)
  AppDomain.Unload(this.Domain);
  class RemoteSandBox : MarshalByRefObject
  public RemoteSandBox()
  public object Execute(string assemblyPath, string scriptType, string method, params object[] parameters)
  //we need some file io permissions to load the assembly
  new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, assemblyPath).Assert();
  Assembly assembly;
  try
  assembly = Assembly.LoadFile(assemblyPath);
  finally
  CodeAccessPermission.RevertAssert();
  Type type = assembly.GetType(scriptType, true);
  MethodInfo methodInfo = type.GetMethod(method);
  object instance = (methodInfo.IsStatic) ? null : Activator.CreateInstance(type);
  object returnVal = null;
  returnVal = methodInfo.Invoke(instance, parameters);
  return returnVal;

  I marked the shared data library with the attributes:
  [assembly: AllowPartiallyTrustedCallers]
  [assembly: SecurityRules(SecurityRuleSet.Level2, SkipVerificationInFullTrust = true)]
  And then marked  the data class Bar with the attribute:
  [SecuritySafeCritical]
  And got a little more insight into what's going on:
  Test method TestProject1.UnitTest1.TestMethod1 threw exception:
  System.MethodAccessException: Attempt by security transparent method 'Microsoft.VisualStudio.Coverage.Init_d2f466df4c65e2a7bb5d7592c49efef0.Register()' to call native code through method 'Microsoft.VisualStudio.Coverage.Init_d2f466df4c65e2a7bb5d7592c49efef0.VSCoverRegisterAssembly(UInt32[],
  System.String)' failed.  Methods must be security critical or security safe-critical to call native code.
  Microsoft.VisualStudio.Coverage.Init_d2f466df4c65e2a7bb5d7592c49efef0.Register()
  ClassLibrary3.Bar..ctor() in c:\users\xxx\documents\visual studio 2010\Projects\TestProject1\ClassLibrary3\Bar.cs: line 13
  TestProject1.UnitTest1.TestMethod1() in c:\users\xxx\documents\visual studio 2010\Projects\TestProject1\TestProject1\UnitTest1.cs: line 21
  Since the injected code coverage il is doing some native stuff, it's throwing.  Any ideas on how to allow this?

• In deadlock after every release of security patch

  After a security patch release is available the user has to visit the download page which
  can "speak" only Flash using the vulnerable installation of Flash Player.
  That means the user must expose own system to attacks in order to download the patched version.
  What bad concept. Where is the Adobe specialist responcible for the concept?
  Please do not claim one can trust the Adobe server and download page.
  Nowadays, there is no one server nor url trustful.
  Certificate issuers are not trustfull - see accidents from few last months.
  So, the more the servers nor internet sides can be trustfull.
  And the link to offline installer does not work due to disabled flash player
  or for any other reason. See http://kb2.adobe.com/de/cps/191/tn_19166.html
  and the url placed there
  Flash Player 10 Plugin (Alle anderen Windows-Browser, wie etwa Firefox oder Google Chrome)
  User does not decide to enable vulnerable flash installation and is not able to update
  to the patched one. It is a dead-lock.

  Under Adobe Forums: Forum: Flash Player ?
  It is defenitely too deep in Adobe's world.
  Official download page is not a forum page.
  Most of normal and PC non-freaks willl look there for downloads/updates.
  Link to full installer should be placed on official download page.
  Additionally, this page should not use Flash Player.
  Just to avoid a dead-lock when an update includes security patches.
  Additionally, as JackMcNac states it above the links to off-line
  installers and to be find somewhere in the Flash Online Support
  do not always work - it can't be.