ASP.NET Security Vulnerability – Update

Following our communication on the ASP.NET Security Vulnerability where we described the issue and how you can help protect your customers, we have an update that provides further measures you can take to help your business and your customers address the issue: In addition to the original described in the Scott Guthrie's blog, hosting providers can take further measures by configuring their web servers. An updated security advisory has the details on how to apply this additional measure.

Call to action

Apply the additional recommended measure on your Web servers and communicate to your customers, urging them to apply this additional measure on their dedicated and virtual servers (this is on top of applying the workaround on yours and your customer’s ASP.NET applications (including sharepoint).

Our team is working around the clock to release an update via Windows Update that fixes the underlying product vulnerability. Until that update is available, we recommend using the above workaround to help prevent attackers from using the vulnerability against yours and your customers’ applications.

Once we release the security update, you will no longer need to implement any workaround steps.

Please post specific questions about the vulnerability in this forum on the www.asp.net web-site.

Thank you,

Microsoft Hosting Team