Security Advisory 2416728 Released

Discussion in 'Security Alerts' started by News, Oct 7, 2010.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,189
    Likes Received:
    20
    Hi everyone,

    Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds. Our Security Research & Defense team has written a blog post to explain how the workarounds work and have provided a script to help administrators determine if they have ASP.NET applications in vulnerable configurations.

    We are continuing to investigate this issue and will update customers with new information as it becomes available as well as the MSRC blog. We are also working closely with our Microsoft Active Protections Program (MAPP) to help our partners build protections when and where possible.

    We continue to encourage security researchers to coordinate vulnerability disclosure with software vendors. We believe public disclosure before a comprehensive update can be produced only leads to customer risk through criminal activity.

    Thank you,

    Jerry Bryant
    Group Manager, Response Communications


    [​IMG]

    More...
     

Share This Page

Loading...