Last Thursday's out of cycle update from Microsoft

Geeks With Blogs

FAQ on the correct forum to post at: http://forums.asp.net/p/1337412/2699239.aspx#2699239

Tatworth

<< O'Reilly 7 Weeks of Gift Ideas till Jan/19 | Home | Automated rollout of latest IE and IE6 usage >>

At http://weblogs.asp.net/scottgu/archive/2011/12/28/asp-net-security-update-shipping-thursday-dec-29th.aspx, Scott Guthrie discusses the reason for one (or both) of these updates. This is linked to a possible denial of service attack vector that has recently been publicly disclosed. (This attack vector is not exclusive to ASP.NET, so expect similar updates for Apache/PHP and so on).

If you have responsibility for any ASP.NET application you should apply the patch, retest your application, get client sign-off and deploy the patch(s).

Please note the following from Scott's blog "The security update we are releasing on Thursday, December 29th updates ASP.NET so that attackers can no longer perform these attacks. The security update does not require any code or application changes. "
Posted on Saturday, December 31, 2011 1:32 PM | Back to top

Comments on this post: Last Thursday's out of cycle update from Microsoft

No comments posted yet.

Your comment:

Title:

Name:

Email: (never displayed) (will show your gravatar)

Comment: Allowed tags: blockquote, a, strong, em, p, u, strike, super, sub, code

Verification:

ASP.Net SQL Server Apple Google SharePoint Windows Visual Studio Team Foundation Server Agile Office Design Patterns Web Azure