MS OOB patch tomorrow for Security Advisory 2416728

Published: 2010-09-27
Last Updated: 2011-01-24 23:34:17 UTC
by Adrien de Beaupre (Version: 1)
2 comment(s)

Microsoft is going to release an Out-of-Band Security bulletin tomorrow, 28 September 2010, which will address a security vulnerability in ASP.Net affecting all current versions of Windows.

References:

http://www.microsoft.com/technet/security/advisory/2416728.mspx

http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx

http://weblogs.asp.net/scottgu/archive/2010/09/24/update-on-asp-net-vulnerability.aspx

Keep an eye on this one folks! More information is surely to follow.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

2 comment(s)

Comments

It is not clear to me if there is a difference of protection between the patch and the workaround is suffcient. If the workaround is applied should be still apply the emergency patch?
@Seccubus: one of the apparent authors of the attack wrote (9:21 PM Sep 25th at http://twitter.com/thaidn/):
"Another video may prove it all, but I'm tired. So believe it or not, Microsoft workarounds can't prevent the attack. Ask them for the patch!"

Hopefully the patch really fixes the problem...

Diary Archives