Repost From Jason Cooper on alternative security list:
Seems like the threat from this one reached the critical level and a fire was lit under someones behind to make sure the patch was available accordingly. I would put this pretty high on your patch list if you have external facing ASP.NET based websites, which will need patching accordingly. Microsoft has just announced that we are planning to release an out-of-band security bulletin tomorrow, September 28, 2010 to address the recently disclosed vulnerability in ASP.NET. The full version of the Microsoft Security Bulletin Advance Notification can be found at http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx. This is for the vulnerability first disclosed in Microsoft Security Advisory 2416728: http://www.microsoft.com/technet/security/advisory/2416728.mspx. For some additional context, please see the below blogs. http://blogs.technet.com/msrc/ http://blogs.technet.com/srd/ Please let us know if you have questions or information to share related to this issue. Thanks, Jason Jason Cooper Security Program Manager Microsoft CSS Security +1 (425) 707-4121 [email protected]<mailto:[email protected] <mailto:[email protected]%3cmailto:[email protected]> > Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
