Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: MS OOB patch tomorrow for Security Advisory 2416728 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS OOB patch tomorrow for Security Advisory 2416728

Microsoft is going to release an Out-of-Band Security bulletin tomorrow, 28 September 2010, which will address a security vulnerability in ASP.Net affecting all current versions of Windows.

References:

http://www.microsoft.com/technet/security/advisory/2416728.mspx

http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx

http://weblogs.asp.net/scottgu/archive/2010/09/24/update-on-asp-net-vulnerability.aspx

Keep an eye on this one folks! More information is surely to follow.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Adrien de Beaupre

353 Posts
ISC Handler
It is not clear to me if there is a difference of protection between the patch and the workaround is suffcient. If the workaround is applied should be still apply the emergency patch?
Anonymous
@Seccubus: one of the apparent authors of the attack wrote (9:21 PM Sep 25th at http://twitter.com/thaidn/):
"Another video may prove it all, but I'm tired. So believe it or not, Microsoft workarounds can't prevent the attack. Ask them for the patch!"

Hopefully the patch really fixes the problem...
Erik van Straten

122 Posts

Sign Up for Free or Log In to start participating in the conversation!