CNET también está disponible en español.

Ir a español

Don't show this again

Amazon Prime Day Mortal Kombat 11 Aftermath DLC launch trailer Justice League Snyder Cut release confirmed Best VPN service Memorial Day deals Apple, Google coronavirus tracking tools

Microsoft to issue emergency fix for .Net hole

Limited attacks exploiting the hole and attempts to bypass workarounds are prompting the out-of-band security update, Microsoft says.


Microsoft said today it will issue an emergency patch tomorrow to fix an important hole in the ASP.Net framework used to create Web sites.

The vulnerability was disclosed by Microsoft just over a week ago and later found to be used in limited attacks. It affects all versions of the .Net framework when used on Windows Server operating systems, according to the advisory.

Windows desktop systems are affected but not vulnerable unless they are being used to run a Web server, Microsoft said.

"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds," Dave Forstrom, director of Microsoft's Trustworthy Computing division, wrote in a blog post.

The update, due out around 10 a.m. PDT tomorrow, will be made available initially only on the Microsoft Download Center and through Windows Update and Windows Server Update Services in coming days, Forstrom said.

More details about the vulnerability are in this security advisory.