In association with heise online

29 September 2010, 10:32

Patch fixes vulnerability in ASP.NET

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

As announced, Microsoft has released out-of-schedule patches for ASP.NET to fix flaws in the implementation of the framework's cryptographic functions. For now, at least, the patches have only been made available at the Microsoft Download Center so that administrators can quickly install them on their servers.

However, they aren't exactly presented in a very obvious way. While there is a specific "Now Available" item, the associated link only leads to the related bulletin, MS10-070. The patches for the various .NET variants and server versions themselves can be found at various places in the "New Downloads" section. They date from the 27th of September 2010 (9/27/2010) and are called "Security Update for Microsoft .NET Framework":

Microsoft plans to deploy the update via the auto-update function at a later date.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit