You know a problem is serious if Microsoft decides to release a fix for a vulnerability outside of its normal "Patch Tuesday" monthly schedule.
You know a problem is serious if Microsoft decides to release a fix for a vulnerability outside of its normal "Patch Tuesday" monthly schedule.Microsoft has released an out-of-band patch for a serious flaw in its ASP.NET web application development toolkit, which -- if left unfixed -- could give malicious hackers the ability to read any file on a web application server.
Worryingly, the security flaw has been exploited in some attacks already raising the spectre of unauthorized information disclosure.
Microsoft's security bulletin MS10-070 rates the security update as "important" for all supported editions of ASP.NET except Microsoft .NET Framework 1.0 Service Pack 3.
Consumers shouldn't need to do anything unless they are running a Web server from their computer. This is probably the reason why Microsoft isn't initially making the update available through the normal Windows Update services, and instead directing affected customers to manually download it from the Microsoft Download Center instead.
Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his award-winning other blog on the Sophos website, you can find him on Twitter at @gcluley. Special to Dark Reading.
Read more about:
2010About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024