MS10-070 – Important ASP.NET security bulletin and update available


On Tuesday we released a very important security bulletin and update for ASP.NET. If you are responsible for an ASP.NET web server please take the time to review the information and act accordingly. I’m not going to try and regurgitate the detail here but here are some key links:

Bulletin MS10-070

http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx

ScottGu blog

ASP.NET Security Update Now Available (this, in my opinion, has the clearest explanation of which patches you need depending on which OS and framework versions you have)

ASP.NET Security Update Shipping Tuesday, Sept 28th

Update on ASP.NET Vulnerability

Frequently Asked Questions about the ASP.NET Security Vulnerability

Important: ASP.NET Security Vulnerability

KB

http://support.microsoft.com/?id=2418042

Security advisory

http://www.microsoft.com/technet/security/advisory/2416728.mspx

CVE

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332

Microsoft Security Research and Defense blog

Additional Information about the ASP.NET Vulnerability

Understanding the ASP.NET Vulnerability (including custom error configuration detection script)

Special forum to discuss the vulnerability

http://forums.asp.net/1233.aspx

HTH

Doug

Comments (0)

Skip to main content