|
-
Sep 18th, 2010, 05:43 AM
#1
Important: ASP.NET Vulnerability
I think this is important for everyone to read.
An ASP.NET vulnerability was unveiled recently. Please read the following message from Microsoft Security Response Center for information on the vulnerability and how to fix it.
http://blogs.technet.com/b/msrc/arch...-released.aspx
-
Sep 18th, 2010, 06:07 AM
#2
Re: Important: ASP.NET Vulnerability
That's a dangerious threat. Thanks for the heads up.
The problem with computers is their nature is pure logic. Just once I'd like my computer to do something deluded. 
-
Sep 18th, 2010, 07:11 AM
#3
Frenzied Member
Re: Important: ASP.NET Vulnerability
You Don't Have to Rate Me.
I'm Not a Civilized Man I'm the Civilization it self
White or Black, Living or Dieing and 0 or 1 that's MY life
iam an Object in Object Oriented Life
my blog : http://refateid.blogspot.com/
twitter : @avrail
010011000111010101110110001000000100110101111001001000000101000001100011 
-
Sep 20th, 2010, 01:44 AM
#4
Re: Important: ASP.NET Vulnerability
Hello Athehist,
Thanks for the heads up, I was note aware of this.
Gary
-
Sep 20th, 2010, 02:26 AM
#5
Re: Important: ASP.NET Vulnerability
Hello everyone,
I am just reading more information about this vulnerability here:
http://weblogs.asp.net/scottgu/archi...erability.aspx
Gary
-
Sep 20th, 2010, 10:01 AM
#6
Junior Member
Re: Important: ASP.NET Vulnerability
Simple enough fix.
Other thing I do, which was kind of an "oh duh" moment for me, was I put this in a long time ago. I used to have a "you don't have permission to access this page" type page, and a generic "oops something happened" type page.
The issue was, finding the "you don't have permission to access this page" means "Hey, you ALMOST made it into a protected page, now that you know the URL start going to town with every technique/script you have!"
So the generic Error page isn't all that bad of an option anyway. Unique error information should be logged into your web error log anyway.
Using VB 2010/2008/2005 (Windows and ASP)
-
Sep 21st, 2010, 01:55 AM
#7
Re: Important: ASP.NET Vulnerability
Some more information has been posted about this by Scott Gu, you can find it here:
http://weblogs.asp.net/scottgu/archi...erability.aspx
This exploit affects all ASP.Net Application, including ASP.Net MVC, and SharePoint. You can find information about SharePoint here:
http://blogs.msdn.com/b/sharepoint/a...harepoint.aspx
Gary
-
Sep 28th, 2010, 01:08 AM
#8
Re: Important: ASP.NET Vulnerability
Hey,
Looks like there is a fix for this.
Being released today:
http://weblogs.asp.net/scottgu/archi...sept-28th.aspx
Gary
-
Sep 29th, 2010, 01:42 AM
#9
Re: Important: ASP.NET Vulnerability
A patch is now available for the ASP.Net Vulnerability:
http://weblogs.asp.net/scottgu/archi...available.aspx
Gary
-
Sep 29th, 2010, 07:04 AM
#10
Frenzied Member
Re: Important: ASP.NET Vulnerability
You Don't Have to Rate Me.
I'm Not a Civilized Man I'm the Civilization it self
White or Black, Living or Dieing and 0 or 1 that's MY life
iam an Object in Object Oriented Life
my blog : http://refateid.blogspot.com/
twitter : @avrail
010011000111010101110110001000000100110101111001001000000101000001100011 
-
Sep 29th, 2010, 07:43 AM
#11
Re: Important: ASP.NET Vulnerability
-
Sep 30th, 2010, 06:58 PM
#12
Re: Important: ASP.NET Vulnerability
This was also posted to the US-CERT mailing list. If you don't already subscribe, it's a great way to keep track of the latest security announcements/vulnerabilities from Microsoft/Adobe/Oracle/etc.
-
Oct 1st, 2010, 02:25 AM
#13
Re: Important: ASP.NET Vulnerability
Nice link tr333, I didn't know about that one.
Thanks
Gary
-
Oct 1st, 2010, 05:37 AM
#14
Re: Important: ASP.NET Vulnerability
The update is now being pushed out through Windows Update as well:
http://weblogs.asp.net/scottgu/archi...ws-update.aspx
Gary
-
Oct 1st, 2010, 05:57 AM
#15
Re: Important: ASP.NET Vulnerability
 Originally Posted by gep13
That's sound good
Please mark you thread resolved using the Thread Tools as shown
-
Oct 1st, 2010, 06:34 AM
#16
Re: Important: ASP.NET Vulnerability
Yip, hopefully there won't be many installations left in an unpatched state with it being pushed out this way.
Gary
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|