Important: ASP.NET Security Vulnerability

Discussion in 'ASP.NET / ASP.NET Core' started by wisemx, Sep 18, 2010.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. mjp

    mjp

    Thanks for the update(s). Anyone who thinks they may be vulnerable, even if they're not sure, should definitely check.
     
  2. Bruce

    Bruce DiscountASP.NET Staff

    I recommend you do the followings

    1) Disable custom error as suggested in Scott Gu's blog
    2) Consider encrypting your web.config file.
     
  3. mjp

    mjp

  4. Bruce

    Bruce DiscountASP.NET Staff

    just checked.. the patch is not yet available. We'll test and deploy this fix as soon as it is released.
     
  5. ...3:22PM EST not available here yet either but they did release two patches for Win7 64-bit systems, one for USB the other is Time related.
     
  6. Is there an update on the status re: the application of this patch?
     
  7. Bruce

    Bruce DiscountASP.NET Staff

    We have started the deployment process yesterday. We expect to patch all the servers by end of next week. You will be notified via email as to when your server will be patched.

    This update is an out-of-band update and has no automatic deployment with Windows Update. Patching the servers is a manual process and can take a while for us to patch all the servers.
     
  8. Thanks Bruce and DiscountASP.Net team!

    Thanks for being on top of this.
     
  9. Do we need to do anything?

    Bruce,

    Once the patch is applied, will we be required to do anything without default error page settings or web.configs?

    Bob
     
  10. Bruce

    Bruce DiscountASP.NET Staff

    According to Microsoft, you do not need to apply the workaround once the hot fix is installed. However, it is generally a good idea to turn on customError on a production site.
     
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page