News

Extraordinary Robot
Robot
Joined
Jun 27, 2006
Messages
23,048
Hi everyone,

Today we released Link Removed due to 404 Error describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds. Our Security Research & Defense team has written a blog post to explain how the workarounds work and have provided a script to help administrators determine if they have ASP.NET applications in vulnerable configurations.

We are continuing to investigate this issue and will update customers with new information as it becomes available as well as the MSRC blog. We are also working closely with our Link Removed due to 404 Error to help our partners build protections when and where possible.

We continue to encourage security researchers to coordinate vulnerability disclosure with software vendors. We believe public disclosure before a comprehensive update can be produced only leads to customer risk through criminal activity.

Thank you,

Jerry Bryant
Group Manager, Response Communications


Link Removed due to 404 Error

More...
 


Back
Top