Just got a very fresh update from ScottGu’s blog about the ASP.NET Security Update.
A few minutes ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address an ASP.NET Security Vulnerability.
Dec 29th Update: the security update (MS11-100) has now shipped and is available to install via Windows Update, the Windows Server Update Service and as a download from the Microsoft Download Center.
The security update we are releasing resolves a publicly disclosed Denial of Service issue present in all versions of ASP.NET. We’re currently unaware of any attacks on ASP.NET customers using this exploit, but we strongly encourage customers to deploy the update as soon as possible.
We are releasing the security update via Windows Update and the Windows Server Update Service. You can also manually download and install it via the Microsoft Download Center. We will release the update on Thursday, December 29th at approximately 10am Pacific Time (US and Canada). We are announcing it ahead of time to ensure that administrators know that the security update is coming, and are prepared to apply it once it is available.
To learn more about security vulnerability, you can visit the link here.
If you have questions about the vulnerability or have any issues applying the update, you can post questions in the Security Vulnerability forum.