Patch fixes vulnerability in ASP.NET
As announced, Microsoft has released out-of-schedule patches for ASP.NET to fix flaws in the implementation of the framework's cryptographic functions. For now, at least, the patches have only been made available at the Microsoft Download Center so that administrators can quickly install them on their servers.
However, they aren't exactly presented in a very obvious way. While there is a specific "Now Available" item, the associated link only leads to the related bulletin, MS10-070. The patches for the various .NET variants and server versions themselves can be found at various places in the "New Downloads" section. They date from the 27th of September 2010 (9/27/2010) and are called "Security Update for Microsoft .NET Framework":
- Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista Service Pack 1 and Windows Server 2008
- Security Update for Microsoft .NET Framework 1.1 Service Pack 1 and Windows Server 2003 Service Pack 2 (32-bit)
- Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP
- Security Update for Microsoft .NET Framework 4
- Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP
- Security Update for Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2
- Security Update for Microsoft .NET Framework 3.5, Windows Vista Service Pack 1 and Windows Server 2008
- Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2
- Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
- Security Update for Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows XP
- Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 Beta and Windows Server 2008 R2 SP1 Beta
- Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
- Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 (64-bit), Windows Vista, and Windows Server 2008
Microsoft plans to deploy the update via the auto-update function at a later date.
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
