Microsoft releases out-of-band security fix for Windows


TS Evangelist
Microsoft today published an out-of-band security update (MS10-070) to fix a flaw in ASP.NET that is being exploited in the wild. The vulnerability could allow an attacker to compromise data on Windows machines ranging from XP and Server 2003 through Windows 7 and Server 2008 R2.

Read the whole story


TS Booster
the article match with my problem
- on 64 W7 its need to restart
- the simple XP (32) dosent need restart

thats ring me a bell that tell me about "64bit security" work arounds


TS Rookie
The main problem is that this vulnerability allows the attacker to download the web.config file... Since most web.config files contain passwords to databases and connection strings, this is obviously a major problem.

There is a workaround that has been out for a week or so... My question is, how did this get overlooked for so long?


What do you mean by out of band? Unix / Network devices have an separate network which connects to system consoles for out of band management.

Per Hansson

TS Server Guru
Staff member
Guest2; An "out of band" security update in MS jargon is an update that is released outside the normal "patch Tuesday"
-That is the second Tuesday each month when Microsoft releases their patches (Makes an admins life easier since we know when the patches will be coming out, so we have something to plan for)

Obviously some updates are so important that they can not wait for the "patch Tuesday" and henche are releases when they are completed "out of band"


TS Ambassador
In addition, the out-of-band fix is to the .Net facilities which are NOT germane to Unix/Linix systems.

Great puzzlement why a Linx comment appears in a clearly Windows topic :eek: