September 2010 out of band ASP.NET Security Update

DevDiv SE has released an out of band security bulletin today because we determined that this is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds.

Sep 30th Update: Today this update was also made available on Windows Update and WSUS.

Microsoft Security Bulletin MS10-070 - Important , Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
Affected products/components: .NET Framework 1.1 SP1, .NET Framework 2.0 SP2, .NET Framework 3.5, .NET Framework 3.5 SP1, .NET Framework 4

More details about the versions affected by this vulnerability can be found in the security bulletin MS10-070 and also on ScottGu's blog and the SRD blog.

Please remember that customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. Customers outside the U.S. and Canada can find a local support number here. There is no charge for support calls that are associated with security updates.

We will also hold a webcast for the bulletin release on Tuesday, September 28, 2010 at 1:00 PM PDT, where we will present information on the bulletin and take customer questions. If you are interested in attending the webcast, click here to sign up.

Thanks,
Jamshed Damkewala
Senior Lead Program Manager, .NET Framework Sustained Engineering Team