Galaxy S23 Ultra First Look After Layoffs, Meta Focuses on 'Efficiency' Everything Samsung Revealed at Unpacked 'Angel Wings' for Satellites 'Shot on a Galaxy S23' GABA and Great Sleep Netflix's Password-Sharing Crackdown 12 Best Cardio Workouts
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept

Microsoft to issue emergency fix for .Net hole

Limited attacks exploiting the hole and attempts to bypass workarounds are prompting the out-of-band security update, Microsoft says.

Microsoft

Microsoft said today it will issue an emergency patch tomorrow to fix an important hole in the ASP.Net framework used to create Web sites.

The vulnerability was disclosed by Microsoft just over a week ago and later found to be used in limited attacks. It affects all versions of the .Net framework when used on Windows Server operating systems, according to the advisory.

Windows desktop systems are affected but not vulnerable unless they are being used to run a Web server, Microsoft said.

"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds," Dave Forstrom, director of Microsoft's Trustworthy Computing division, wrote in a blog post.

The update, due out around 10 a.m. PDT tomorrow, will be made available initially only on the Microsoft Download Center and through Windows Update and Windows Server Update Services in coming days, Forstrom said.

More details about the vulnerability are in this security advisory.