Microsoft releases emergency patch for ASP.NET security flaw


Microsoft releases emergency patch for ASP.NET security flaw

Warwick Ashford

Microsoft is to release an emergency out-of-band patch today for the zero-day vulnerability disclosed this month that affects web applications built on ASP.NET.

The patch comes just a week after Microsoft confirmed exploits of the vulnerability, which potentially affects millions of web applications.

The patch, which will fix the flaw in all versions of the .NET framework, will be available initially only on the company's Download Center.

The update will be released through Windows Update and Windows Server Update Services within the next few days.

Windows desktop systems are listed as affected, but Microsoft said consumers are not vulnerable unless they are running a web server from their computer.

Microsoft published workarounds to defend against attacks exploiting the ASP.NET flaw shortly after it was publicly disclosed. However, researchers said the workarounds did not fully protect users.

"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers, as we have seen limited attacks and continued attempts to bypass current defenses and workarounds," said Dave Forstrom, director of Trustworthy Computing at Microsoft, in a blog post.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy