Updated info on the reported ASP.NET vulnerability

Today we posted updated information to http://www.microsoft.com/security/incident/aspnet.mspx with additional information about the nature of the reported vulnerability and an additional mitigation best practice.  Our additional guidance is an HTTP Module that you can install onto a server that will mitigate all ASP.NET applications on the box and protect them against canonicalization issues we knew about at the time of publication.  This is easier then updating the global.asax for each application and if you are dealing with a whole lot of servers much easier to deploy.  You can grab the MSI installer for the HTTP Module at http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026.  There is also a new KB posted at http://support.microsoft.com/?kbid=887289 that describes how to deploy the MSI and HTTP Module.

We will continue to update the landing page as new information or guidance becomes available, so keep checking back.

Comments (4)
  1. Anonymous says:

    Thibaut Barrère – ASP.Net vulnerability fix : HTTP module published

Comments are closed.

Skip to main content