Microsoft releases out-of-band security fix for Windows

Matthew DeCarlo


Microsoft today published an out-of-band security update (MS10-070) to fix a flaw in ASP.NET that is being exploited in the wild. The vulnerability could allow an attacker to compromise data on Windows machines ranging from XP and Server 2003 through Windows 7 and Server 2008 R2.

"An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server," Redmond said today. Microsoft's Scott Guthrie provides an in-depth overview of the flaw on his blog.

Today's release comes only 11 days after Microsoft initially warned of the bug, making for one of the company's quickest turnarounds -- second to a seven-day release in January. Given the urgency, Microsoft issued the fix a couple of weeks ahead of its usual monthly release cycle, though it won't be available through Windows Update for a few days. Until then, network admins and consumers can manually download the patch via the Microsoft Download Center without waiting for widespread distribution.


 
the article matches my problem
- on 64 W7 it needs to restart
- the simple XP (32) doesn't need a restart

that rings a bell for me that tells me about "64bit security" workarounds
right?
 
The main problem is that this vulnerability allows the attacker to download the web.config file... Since most web.config files contain passwords to databases and connection strings, this is obviously a major problem.

There is a workaround that has been out for a week or so... My question is, how did this get overlooked for so long?
 
What do you mean by out of band? Unix / Network devices have a separate network which connects to system consoles for out of band management.
 
Guest2: An "out of band" security update in MS jargon is an update that is released outside the normal "patch Tuesday"
-That is the second Tuesday each month when Microsoft releases their patches (Makes an admin's life easier since we know when the patches will be coming out, so we have something to plan for)

Obviously some updates are so important that they cannot wait for the "patch Tuesday" and hence are released when they are completed "out of band"
 
In addition, the out-of-band fix is to the .Net facilities which are NOT germane to Unix/Linux systems.

Great puzzlement why a Linux comment appears in a clearly Windows topic :eek:
 