United States
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Tech Outpost

Reply
Topic Options
Floating_Red
Rootkit Eradicator
Posts: 5,217
Registered: ‎05-30-2008
Accepted Solution

Security Alert: Vulnerability in ASP.NET Could Allow Information Disclosure

[ Edited ]
Options

‎09-24-2010 11:28 AM - edited ‎09-24-2010 01:31 PM

Customers using ASP.NET in Public-Facing Servcies are advised to read Microsoft Security Advisory (2416728) and to apply the Workarounds immediately. Several Exploit Tools are available for this Class of Vulnerability and Microsoft reports that SharePoint and Exchange - and all applications that rely on ASP.NET - are affected by this Vulnerability. This issue is being exploited in-the-Wild in Limited Attacks and in some cases can result in a complete system compromise. Further information is available in the below resources. 

 

Microsoft Security Advisory (2416728):
Vulnerability in ASP.NET Could Allow Information Disclosure:
https://www.microsoft.com/technet/security/advisory/2416728.mspx.

Security Advisory 2416728 Released:
http://blogs.technet.com/b/msrc/archive/2010/09/17/security-advisory-2416728-released.aspx.

 

Understanding the ASP.NET Vulnerability:
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx.

Important: ASP.NET Security Vulnerability:
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx.

Frequently Asked Questions about the ASP.NET Security Vulnerability:
http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-secur....

 

 

[edit: Fixed posting error.]     

Tuesday, May 14, 2013: The Symantec THREATCON was Changed to Level 2: Elevated Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)
Report Inappropriate Content
Message 1 of 3 (1,331 Views)
Reply
floplot
Posts: 9,952
Topics: 200
Kudos: 1,892
Solutions: 354
Registered: ‎04-11-2009

Re: Security Alert: Vulnerability in ASP.NET Could Allow Information Disclosure

Options

‎09-27-2010 03:16 PM

Hello All

 

Microsoft is planning to release an out of cycle update to fix this problem on Tues. Sept 28th.

 

Please see this article for further information. Thanks.

 

 

http://www.zdnet.com/blog/security/malware-attacks-force-ms-to-ship-emergency-aspnet-patch/7385?tag=...

Success always occurs in private and failure in full view.




Report Inappropriate Content
Message 2 of 3 (1,272 Views)
Reply
Floating_Red
Rootkit Eradicator
Posts: 5,217
Registered: ‎05-30-2008

Re: Security Alert: Vulnerability in ASP.NET Could Allow Information Disclosure

[ Edited ]
Options

‎09-28-2010 12:33 PM - edited ‎09-28-2010 12:34 PM

Microsoft has released Security Advisory M.S.10-070 and Patches for this Issue. Customers are advised to re-view and Install the Patch as soon as possible. Workarounds are also available; however some Reports suggest that they do not protect against all Timing Attacks.  Please see Microsoft "Patch Tuesday" for Patch Details.

 

 

 

Tuesday, May 14, 2013: The Symantec THREATCON was Changed to Level 2: Elevated Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)
Report Inappropriate Content
Message 3 of 3 (1,233 Views)
Reply
0 Kudos

Products

Services

Support

Norton on Facebook
Norton on Twitter
Norton's YouTube Channel
Symantec on Linked In
Norton on Google+