also @ TechSpot: Rumor: AMD "Piledriver" FX CPU production to begin Q3 2012

Microsoft releases out-of-band security fix for Windows

By

On September 29, 2010, 3:41 PM EST

microsoft, windo
Microsoft today published an out-of-band security update (MS10-070) to fix a flaw in ASP.NET that is being exploited in the wild. The vulnerability could allow an attacker to compromise data on Windows machines ranging from XP and Server 2003 through Windows 7 and Server 2008 R2.

"An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server," Redmond said today. Microsoft's Scott Guthrie provides an in-depth overview of the flaw on his blog.

Today's release comes only 11 days after Microsoft initially warned of the bug, making for one of the company's quickest turnarounds -- second to a seven-day release in January. Given the urgency, Microsoft issued the fix a couple weeks ahead of its usual monthly release cycle, though it won't be available through Windows Update for a few days. Until then, network admins and consumers can manually download the patch via the Microsoft Download Center without waiting for widespread distribution.

Related Stories

,

5 comments

User Comments (5)

Post a comment
Gars
on September 29, 2010
3:54 PM

the article match with my problem

- on 64 W7 its need to restart

- the simple XP (32) dosent need restart

thats ring me a bell that tell me about "64bit security" work arounds

right?

Reply

natefalk
on September 29, 2010
5:15 PM

The main problem is that this vulnerability allows the attacker to download the web.config file... Since most web.config files contain passwords to databases and connection strings, this is obviously a major problem.

There is a workaround that has been out for a week or so... My question is, how did this get overlooked for so long?

Reply

Guest
on September 30, 2010
10:46 AM

What do you mean by out of band? Unix / Network devices have an separate network which connects to system consoles for out of band management.

Reply

Per Hansson
on September 30, 2010
1:40 PM

Guest2; An "out of band" security update in MS jargon is an update that is released outside the normal "patch Tuesday"

-That is the second Tuesday each month when Microsoft releases their patches (Makes an admins life easier since we know when the patches will be coming out, so we have something to plan for)

Obviously some updates are so important that they can not wait for the "patch Tuesday" and henche are releases when they are completed "out of band"

Reply

jobeard
on September 30, 2010
2:31 PM

In addition, the out-of-band fix is to the .Net facilities which are NOT germane to Unix/Linix systems.

Great puzzlement why a Linx comment appears in a clearly Windows topic :o

Reply

Browse more commented news

Post a new comment

Guest user

To post as an anonymous
user click here.

Members

If you are a TechSpot member,
please login first.


By signing up you gain complete access to the TechSpot community. Join thousands of computer and technology enthusiasts that contribute and share knowledge in our forum. Post messages, get a private inbox, upload your own photo gallery and more.

Most Popular

Trending Featured
More Trending Topics

Editors' Keyboard Picks

Downloads & Drivers

Downloads   Drivers  

GMABooster 2.1a

HaoZip 2.8

Defraggler 2.10.413

The Cleaner 2012 8.1.0.1110

WinISO 6.2.0.4526

More Downloads

Related Discussion

My PC has high CPU loads a few times every couple minutes

AVG 2012

Installing Windows or repairing without CD-ROM

Set back to factory settings

Effective Air Cooling Guide (Part II) - Myths, Old Rituals, and Analysis

More at the Forums

Subscribe to TechSpot

Get free exclusive content, learn about new features and tech breaking news.