WELCOME TO
Widget Image
THE TIME FOR CHANGE IS NOW

Success is best achieved by knowing what needs doing. Collaborating to make progress, and measuring the results. Propellor by ITexpress includes tools to make task management as effortless as possible, great collaboration tools for your team and clients and powerful reporting and progress tracking dashboards.

START NOW FOR FREE

Microsoft Readies New Patch to fix ASP.NET Vulnerability

Microsoft Readies New Patch to fix ASP.NET Vulnerability

Microsoft is preparing to release an out-of-band security fix for the ASP.NET flaw reported earlier this month.

The company admitted to the problem in a security advisory on 17 September, in which it suggested a workaround that companies should apply “immediately”.

Microsoft will now post an out-of-cycle patch for the vulnerability, given its critical nature.

The flaw exists in all versions of ASP.NET 2, and Microsoft recommends that customers apply the patch to prevent attackers compromising ASP.NET applications.

Wolfgang Kandek, chief technology officer at Qualys, echoed this advice, urging companies to install the patch as soon as it becomes available.

“IT administrators should first focus on web servers that do not have the workarounds implemented,” he added.

The flaw gives attackers access to information found in the web.config file, which could be sensitive, and allows for the interception of other material sent to any client machine.

Microsoft updated its reference pages about the flaw at the end of September, and said that it is aware of a number of “limited, active attacks”.

Affected software includes Windows XP, including SP3 and Professional, Windows Server 2003 and 2008, Windows Vista and Windows 7.

Microsoft’s Security Bulletin Advance Notification for September 2010 warned that the ASP.NET flaw can lead to information disclosure.

Post Tags:
PREV

New minimum wage rate from October

NEXT

ITexpress Outsourced Payroll Services