SharePoint 2013 -This product requires Microsoft .Net Framework 4.5

I got this error “This product requires Microsoft .Net Framework 4.5” during installing SharePoint 2013 on Windows Server 2012 R2 and I tried to follow the same steps suggested her but it did not succeed.

The right fix for my case was to remove this KB3102467 and then restart the windows.

For the same case , check this link

Also check Microsoft resolution


HTML Form found in redirect page security risk

To understand the title, let us see this example.

Assume that we have two pages as following:

  1. Admin Page (Only can accessible by login users)
  2. No Access Page (Redirect page to show the anonymous user that you don’t have access to admin page)

Admin page has the following critical information


No Access page show the following message to anonymous user


Now to prevent the anonymous user to access the admin page, I used the below code in the page load event to redirect the user to No access page using Response.RedirectLocation


If you try to access the admin.aspx page using the browsers, then you will get this result


But if you try to use tool like HTML Editor which belong to Acunetix then you will get the following result


But why?

The reason for this vulnerability that Response.RedirectLocation doesn’t terminate the response because the above client tool is not based on Web behavior so no direction happened and we able to see the content of admin page.

To fix this issue, simply add Response.End() or instead of this , you can use Respose.Redirect which internally call Response.End() to stop processing the result


For more details

DROWN attack

Based on Wikipedia,

“The DROWN attack is a cross-protocol security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. DROWN can affect all types of servers that offer services encrypted with TLS yet still support SSL v2, provided they share the same public key credentials between the two protocols.”


You can find more about the right implementation for SSL/TLS in Maximizing SharePoint Security whitepaper

To check if your website has this vulnerability, you can use the following tools:

  2. The DROWN Attack Test

To Fix this issue , simply disable SSL v2 in your servers (also it’s recommended to disable SSL v3) as following :

Go to this registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

If there is no “Server” key then create “Server” key

Then create a DWORD value named “DisabledByDefault” and change the value data to “1

Restart the server



Some articles, use “Enabled” key instead of “DisabledByDefault” but if you go with this way then the above tools will not consider your server secure against Crown attack so better to go with “DisabledByDefault “.

For more details about Crown attack, check the following post:

Moving My blog from to

I moved my blog from to so no more entries or update will be done in the old blog.

My Posts in Previous blog: