ms10-070

Resolves a vulnerability in ASP.NET that could allow information disclosure. An attacker that successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. More...

Revision Note: V6.1 (October 26, 2011): For MS10-070, corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems. Summary: This bulletin summary lists security bulletins released for September 2010. More...

Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue...

Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue...

Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletinSummary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue, including...

Hello, As we announced yesterday, today we released Link Removed due to 404 Error out-of-band to address a vulnerability in ASP.NET. The bulletin and the blog by Scott Guthrie, corporate vice president of Microsoft's .NET Developer Platform are available for more information. This security...

Hi everyone - Today we released out-of-band Link Removed due to 404 Errorthrough the remainder of our standard distribution channels, including Windows Update and Windows Server Update Services. We have completed our testing of these channels and confirmed the update can be successfully...

Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should...