Skip to main content
MSRC

2011

December 2011 Out-Of-Band Bulletin Release: Q&A and Webcast

Friday, December 30, 2011

Hello, Today we published the December 2011 Out-of-Band Security Bulletin Webcast Questions & Answers page. We fielded 41 questions on the subject of MS11-100. There were four questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page. We invite our customers to join us for the next public webcast scheduled for Wednesday, January 11, 2012 at 11 a.

ASP.NET security update is live!

Thursday, December 29, 2011

Today we released MS11-100, addressing a newly disclosed denial-of-service vulnerability affecting several vendors’ Web application platforms, including Microsoft’s ASP.NET. Yesterday, we posted an SRD blog describing the vulnerability and the detection and workaround opportunities. With this blog post, we’d like to update you on the following topics: Why is this bulletin rated “Critical” for a Denial-of-Service vulnerability?

Microsoft releases MS11-100 for Security Advisory 2659883

Thursday, December 29, 2011

Hello, Today we released Security Update MS11-100 to address the issue described in Security Advisory 2659883. The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework. Of note, the new method of hash collision attacks used to exploit this vulnerability is an industry-wide issue affecting various Web platforms, including ASP.

Advanced Notification for out-of-band release to address Security Advisory 2659883

Wednesday, December 28, 2011

Hello, Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST. The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.

Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue

Tuesday, December 27, 2011

Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions of .NET Framework, however we recommend customers use the mitigation and workaround described in the Advisory to help protect sites against this new method to exploit hash tables.

More information about the December 2011 ASP.Net vulnerability

Tuesday, December 27, 2011

Today, we released Security Advisory 2659883 alerting customers to a newly disclosed denial-of-service vulnerability affecting several vendors’ web application platforms, including Microsoft’s ASP.NET. This blog post will cover the following: Impact of the vulnerability How to know if your configuration is vulnerable to denial-of-service How to detect the vulnerability being exploited at network layer How to detect the vulnerability being exploited on the server Background on the workaround to protect your website Impact of the vulnerability

長期休暇の前に

Monday, December 26, 2011

寒い日が続きますね。初詣の CM が流れたり、街では歳末大売り出しののぼりや福引を見かけるようになりました