Last week I cross-posted, about a security flaw in ASP.NET which could allow an attacker to get access to files on the server.
Microsoft has announced an out-of-band patch for this on Tuesday, September 28, 2010.
Here is the blog post from the Microsoft SharePoint Team blog with details and links.
As we announced yesterday, today we released Security Bulletin MS10-070 out-of-band to address a vulnerability in ASP.NET. The bulletin and the blog by Scott Guthrie, corporate vice president of Microsoft’s .NET Developer Platform are available for more information.
This security update addresses a vulnerability affecting all versions of the .NET Framework when used on Windows Server operating system. While desktop systems are listed as affected, consumers are not vulnerable unless they are running a web server from their computer.
The update will be made available initially only through the Microsoft Download Center and then released through Windows Update and Windows Server Update Services within the next few days. This allows customers the option to deploy it manually now without delaying for broader distribution.
For customers who use Automatic Updates, the update will be automatically applied once it is released broadly. Once the Security Update is applied, customers are protected against known attacks related to Security Advisory 2416728.
If you can, please join me and Dustin Childs today for a live webcast where we will cover the details of this bulletin and take customer questions live. Here is the registration information:
Date: Tuesday September 28, 2010
Time: 1:00 p.m. PDT
Click Here to Register
Director, Trustworthy Computing