Blog Archive

Tuesday, 28 September 2010

Microsoft out-of-band patch today


Microsoft has posted advance notification that it will post an out-of-band security bulletin for Windows later today.US-CERT is quoting the Microsoft SharePoint Team as saying the bulletin will fix a recently reported vulnerability in ASP.NET that could allow an attacker to access sensitive information data (CVE-2010-3332).

Microsoft’s Sept 17 advisory “Vulnerability in ASP.NET Could Allow Information Disclosure” is here.

 The fix affects nearly all releases of Microsoft Windows:
-- Windows XP Service Pack 3
-- Windows XP Professional x64 Edition Service Pack 2
-- Windows Server 2003 Service Pack 2
-- Windows Server 2003 x64 Edition Service Pack 2
-- Windows Server 2003 with SP2 for Itanium-based Systems
-- Windows Vista Service Pack 1 and 2
-- Windows Vista x64 Edition Service Pack 1 and 2
-- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
-- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
-- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
-- Windows 7 for 32- and x64-based Systems
-- Windows Server 2008 R2 for x64-based Systems and Itanium-based Systems

Update:

Microsoft Security Bulletin MS10-070 - Important
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) here.

Tom Kelchner

No comments:

Post a Comment