News

Extraordinary Robot
Robot
Joined
Jun 27, 2006
Messages
23,048
Hi everyone -

We've updated Microsoft Security AdvisoryLink Removed due to 404 Error to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring. This can be done using URLScan, a free tool for Internet Information Services (IIS) that can selectively block requests based on rules defined by the administrator. If your system is running Internet Information Services (IIS) on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7, or Windows Server 2008 R2, you can alternatively use the Request Filtering feature.

If you've already implemented the workaround we've previously published, please add this additional step to help block attackers from exploiting the vulnerability.

Microsoft remains committed to taking the appropriate action to help protect our customers. Through our comprehensive monitoring, we continue to see limited active attacks. We want to assure you that we have teams working around the clock worldwide to develop a security update of appropriate quality for distribution to address this vulnerability. For additional information on the updated workaround, visit Scott Guthrie's blog.

The Security Advisory will be updated with any new developments so if you are not already subscribed to our comprehensive alerts, please do so in order to be alerted by email when new information is added. Sign up here: Link Removed

We will also keep customers apprised of any additional details and updates through the MSRC Blog.

Thanks,

Dave Forstrom

Director, Trustworthy Computing at Microsoft

Follow us on Twitter: @MSFTSecResponse


Link Removed due to 404 Error

More...
 


Back
Top