Important: ASP.NET Security Vulnerability
page 1 of 11
Published: 18 Sep 2010
Unedited - Community Contributed
Abstract
In this article, Scott examines an ASP.NET security vulnerability which was recently discovered by Microsoft. He begins by providing a basic overview of the vulnerability and also discusses how to enable the patch on ASP.NET 1.0, 2.0, 3.5, 3.5 SP1 and 4.0. Towards the end of the article, he examines the installation and enabling of IIS URLScan with a Custom Rule including adding an addition URL scan rule. You will also learn how the find Vulnerable ASP.NET Applications on Your Web Server by running a command with the help of a relevant screenshot.
by Scott Guthrie
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 13271/ 52

Introduction

Republished with Permission - Original Article

A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET.  This vulnerability exists in all versions of ASP.NET.

This vulnerability was publically disclosed late Friday at a security conference. We recommend that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications.

Important Update: You can now download the official security patch update here. Please install it ASAP on your servers – it is the only way to protect against the vulnerability. You should no longer rely on the below workaround and instead install the official security patch update immediately to protect yourself.


View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2014 ASPAlliance.com  |  Page Processed at 12/18/2014 6:04:58 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search