Security vulnerability in ASP.NET

Security Vulnerability - Affects Infiniti versions up to and including v8.6.3

This is a Microsoft issue that affects all versions of Infiniti up to and including v8.6.3.

ASP.NET MVC 2, ASP.NET MVC 3, ASP.NET MVC 4, ASP.NET MVC 5, and APS.NET MVC 5.1 contain a known security vulnerability. Typically, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a web browser, and then convince a user to view the website.

The attacker could also take advantage of compromised websites and websites that accept or host user-provided content. There is no way to "force" a user to visit the vulnerable site(s), however, if a user is convinced or guided into visiting a vulnerable site, the potential security threat can be exploited.

For more information about this issue, please visit Microsoft's website.

This vulnerability affects all versions of Infiniti up to (and including) v8.6.3. Infiniti v8.6.4 onwards use components that are not affected.

We recommend that customers using a version of Infiniti prior to v8.6.4 upgrade to a version later than v8.6.4 in order to mitigate the risk posed by this vulnerability.

For information about upgrading, please email