Geeks With Blogs

News FAQ on the correct forum to post at: http://forums.asp.net/p/1337412/2699239.aspx#2699239
Tatworth
At http://weblogs.asp.net/scottgu/archive/2011/12/28/asp-net-security-update-shipping-thursday-dec-29th.aspx, Scott Guthrie discusses the reason for one (or both) of these updates. This is linked to a possible denial of service attack vector that has recently been publicly disclosed. (This attack vector is not exclusive to ASP.NET, so expect similar updates for Apache/PHP and so on).

If you have responsibility for any ASP.NET application you should apply the patch, retest your application, get client sign-off and deploy the patch(s).

Please note the following from Scott's blog "The security update we are releasing on Thursday, December 29th updates ASP.NET so that attackers can no longer perform these attacks.  The security update does not require any code or application changes. "
Posted on Saturday, December 31, 2011 1:32 PM | Back to top


Comments on this post: Last Thursday's out of cycle update from Microsoft

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © TATWORTH | Powered by: GeeksWithBlogs.net