Out-of-Band Security Update for ASP.NET Vulnerability to Be Released Today
Article by George Norman
On 28 Sep 2010
On the 14th of September, Redmond-based software giant Microsoft rolled out a grand total of 9 security bulletins meant to address 11 vulnerabilities that plagued the Microsoft Windows operating system (all versions of Windows, including Windows 7 and Windows Server 2008), the web server application Internet Information Services (IIS), and the Microsoft Office productivity suite (Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2007).

Today, the 28th of September, Microsoft will roll out an out-of-band update to fix a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework when used on Windows Server operating systems. The update will be rolled out at approximately 10:00 AM PDT.


Microsoft does not release out-of-band updates unless the vulnerability is actively exploited in the wild. That is precisely what’s going on with the ASP.NET vulnerability, which is detailed in Security Advisory 2416728. As Microsoft explained, limited attacks have been detected; attempts to bypass current defenses and workaround have also been detected in the wild.

Juliano Rizzo, the researcher who disclosed this vulnerability, explained that an attacker can easily decrypt cookies, view states, form authentication tickets, membership password, user data, and anything else encrypted using the ASP.NET framework’s API.

“The security update is fully tested and ready for release, but will be made available initially only on the Microsoft Download Center. This enables us to get the update out as quickly as possible, allowing administrators with enterprise installations, or end users who want to install this security update manually, the ability to test and update their systems immediately. We strongly encourage these customers to visit the Download Center, download the update, test it in their environment and deploy it as soon as possible,” explained Dave Forstrom on behalf of the Microsoft Security Response Center team.

The update will be released via Windows Update and Windows Server Update Services within the next few days, added Forstrom.

Tags: Microsoft, Security, Update. ASP.NET
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Out-of-Band Security Update for ASP.NET Vulnerability to Be Released Today
HTML Linking Code