Microsoft releases out-of-band security fix for Windows

By on September 29, 2010, 3:41 PM
Microsoft today published an out-of-band security update (MS10-070) to fix a flaw in ASP.NET that is being exploited in the wild. The vulnerability could allow an attacker to compromise data on Windows machines ranging from XP and Server 2003 through Windows 7 and Server 2008 R2.

"An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server," Redmond said today. Microsoft's Scott Guthrie provides an in-depth overview of the flaw on his blog.

Today's release comes only 11 days after Microsoft initially warned of the bug, making for one of the company's quickest turnarounds -- second to a seven-day release in January. Given the urgency, Microsoft issued the fix a couple weeks ahead of its usual monthly release cycle, though it won't be available through Windows Update for a few days. Until then, network admins and consumers can manually download the patch via the Microsoft Download Center without waiting for widespread distribution.




User Comments: 5

Got something to say? Post a comment
Gars Gars said:

the article match with my problem

- on 64 W7 its need to restart

- the simple XP (32) dosent need restart

thats ring me a bell that tell me about "64bit security" work arounds

right?

natefalk natefalk said:

The main problem is that this vulnerability allows the attacker to download the web.config file... Since most web.config files contain passwords to databases and connection strings, this is obviously a major problem.

There is a workaround that has been out for a week or so... My question is, how did this get overlooked for so long?

Guest said:

What do you mean by out of band? Unix / Network devices have an separate network which connects to system consoles for out of band management.

Staff
Per Hansson Per Hansson, TS Server Guru, said:

Guest2; An "out of band" security update in MS jargon is an update that is released outside the normal "patch Tuesday"

-That is the second Tuesday each month when Microsoft releases their patches (Makes an admins life easier since we know when the patches will be coming out, so we have something to plan for)

Obviously some updates are so important that they can not wait for the "patch Tuesday" and henche are releases when they are completed "out of band"

jobeard jobeard, TS Ambassador, said:

In addition, the out-of-band fix is to the .Net facilities which are NOT germane to Unix/Linix systems.

Great puzzlement why a Linx comment appears in a clearly Windows topic :o

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.