New Posts New Posts RSS Feed: ASP.NET Security Vulnerability from September 2010
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Forum LockedASP.NET Security Vulnerability from September 2010

 Post Reply Post Reply
Author
IdeaBlade View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 30-May-2007
Location: United States
Posts: 353
Post Options Post Options   Quote IdeaBlade Quote  Post ReplyReply Direct Link To This Post Topic: ASP.NET Security Vulnerability from September 2010
    Posted: 19-Oct-2010 at 5:33pm

Many of you likely received information on this vulnerability, and the security update issued by Microsoft, from other sources.  If you haven't yet applied the update, please continue reading to see if the problem impacts your DevForce applications and what to do about it.

The vulnerability will only impact your DevForce application if your BOS is running under IIS (and therefore includes DevForce Silverlight applications).  A 2-tier DevForce application, or an n-tier application with a BOS hosted by either the console server or Windows Service will be unaffected. Since the vulnerability affects all versions of ASP.NET, it also may affect all versions of DevForce.

If you are affected by the vulnerability, install the patch from Microsoft as soon as possible.  More information about the patch, and how to download, is available here: http://weblogs.asp.net/scottgu/archive/2010/09/30/asp-net-security-fix-now-on-windows-update.aspx

More information

Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
Description of the vulnerability (Scott Guthrie): http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Understanding the ASP.NET Vulnerability (Technet): http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

 

Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down