Microsoft releases emergency patch for ASP.NET security flaw


Microsoft releases emergency patch for ASP.NET security flaw

Warwick Ashford

Microsoft is to release an emergency out-of-band patch today for the zero-day vulnerability disclosed this month that affects web applications built on ASP.NET.

The patch comes just a week after Microsoft confirmed exploits of the vulnerability, which potentially affects millions of web applications.

The patch, which will fix the flaw in all versions of the .NET framework, will be available initially only on the company's Download Center.

The update will be released through Windows Update and Windows Server Update Services within the next few days.

Windows desktop systems are listed as affected, but Microsoft said consumers are not vulnerable unless they are running a web server from their computer.

Microsoft published workarounds to defend against attacks exploiting the ASP.NET flaw shortly after it was publicly disclosed. However, researchers said the workarounds did not fully protect users.

"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers, as we have seen limited attacks and continued attempts to bypass current defenses and workarounds," said Dave Forstrom, director of Trustworthy Computing at Microsoft, in a blog post.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy