Spyware, Viruses, & Security forum

General discussion

Out of Band Release - Microsoft Security Advisory 2416728

Microsoft Security Bulletin Advance Notification for September 2010

Published: September 27, 2010

Microsoft Security Bulletin Advance Notification issued: September 27, 2010
Microsoft Security Bulletin to be issued: September 28, 2010

This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on September 28, 2010. The bulletin addresses a security vulnerability in all supported releases of Microsoft Windows.

This bulletin advance notification will be replaced with the September bulletin summary on September 28, 2010.

http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx

Out of Band Release to Address Microsoft Security Advisory 2416728

From : The Microsoft Security Response Center (MSRC)
Published : September 27, 2010

Today we provided advance notification to customers that we will release an out-of-band security update to address the vulnerability discussed in Security Advisory 2416728. The update is scheduled for release tomorrow, Tuesday, September 28, 2010 at approximately 10:00 AM PDT. The bulletin has a severity rating of Important and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework when used on Windows Server operating systems. Windows desktop systems are listed as affected, but consumers are not vulnerable unless they are running a Web server from their computer.

Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds.

The security update is fully tested and ready for release, but will be made available initially only on the Microsoft Download Center. This enables us to get the update out as quickly as possible, allowing administrators with enterprise installations, or end users who want to install this security update manually, the ability to test and update their systems immediately. We strongly encourage these customers to visit the Download Center, download the update, test it in their environment and deploy it as soon as possible.

The update will also be released through Windows Update and Windows Server Update Services within the next few days as we test to make sure distribution will be successful through these channels. This approach allows us to release sooner to customers who may choose to deploy it manually without delaying for broader distribution.

For customers using Automatic Update, this Security Update will automatically be applied once it is released broadly. Once the Security Update is applied, customers are protected against known attacks related to Security Advisory 2416728.

Dave Forstrom
Director, Trustworthy Computing

http://blogs.technet.com/b/msrc/archive/2010/09/27/out-of-band-release-to-address-microsoft-security-advisory-2416728.aspx
Discussion is locked
You are posting a reply to: Out of Band Release - Microsoft Security Advisory 2416728
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Out of Band Release - Microsoft Security Advisory 2416728
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Out-of-Band Released - MS10-070

In reply to: Out of Band Release - Microsoft Security Advisory 2416728

Microsoft Security Bulletin MS10-070 - Important

Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

Published: September 28, 2010

Executive Summary:

This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.

This security update is rated Important for all supported editions of ASP.NET except Microsoft .NET Framework 1.0 Service Pack 3. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by additionally signing all data that is encrypted by ASP.NET. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2416728.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
____________

From: The Microsoft Security Response Center (MSRC):

Date: Tuesday September 28, 2010
Time: 1:00 p.m. PDT

As we announced yesterday, today we released Security Bulletin MS10-070 out-of-band to address a vulnerability in ASP.NET. The bulletin and the blog by Scott Guthrie, corporate vice president of Microsoft's .NET Developer Platform are available for more information.

This security update addresses a vulnerability affecting all versions of the .NET Framework when used on Windows Server operating system. While desktop systems are listed as affected, consumers are not vulnerable unless they are running a web server from their computer.

The update will be made available initially only through the Microsoft Download Center and then released through Windows Update and Windows Server Update Services within the next few days. This allows customers the option to deploy it manually now without delaying for broader distribution.

For customers who use Automatic Updates, the update will be automatically applied once it is released broadly. Once the Security Update is applied, customers are protected against known attacks related to Security Advisory 2416728.

http://blogs.technet.com/b/msrc/archive/2010/09/28/ms10-070-released-out-of-band-today.aspx
Collapse -
Microsoft Releases MS10-070 to all distribution channels

In reply to: Out of Band Release - Microsoft Security Advisory 2416728

From The Microsoft Security Response Center (MSRC):

Today we released out-of-band Security Update MS10-070 through the remainder of our standard distribution channels, including Windows Update and Windows Server Update Services. We have completed our testing of these channels and confirmed the update can be successfully downloaded.

Customers are strongly encouraged to download the Security Update, test it in their environments and deploy it as quickly as possible. For customers using Automatic Update, this update will automatically be applied.

Dave Forstrom

http://blogs.technet.com/b/msrc/archive/2010/09/30/microsoft-releases-ms10-070-to-all-distribution-channels.aspx

______________

Microsoft Security Bulletin MS10-070 - Important

Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
Published: September 28, 2010
Updated: September 30, 2010

V2.0 (September 30, 2010): Revised this bulletin to announce that the updates are now available through all distribution channels, including Windows Update and Microsoft Update. Also added an update FAQ to describe additional clarifications and corrections to the bulletin.

http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

DEALS, DEALS, DEALS!

Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.