Archives
-
Security update released for ASP.NET Padding Oracle Vulnerability
Microsoft has just released security bulletin MS10-070 with security updates for the issue. The updates are currently on Microsoft Download Center, but will be available through all other channels soon.
-
Update 1: ASP.NET Zero Day Vulnerability - Padding Oracle Exploit
ScottGu has posted some additional FAQs on http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx
-
ASP.Net zero day vulnerability - Padding Oracle exploit
An ASP.Net cryptograhic zero day was publicly disclosed today.
-
Fixes for several IIS issues released in September 2010 patch cycle
We just released a bulletin this September that addresses three IIS vulnerabilites. Two of these were responsibly discolsed, while one was publicly disclosed. The bulletin is on http://www.microsoft.com/technet/security/bulletin/MS10-065.mspx and contains the mitigations and workarounds in each case. The knowledge base articles for each of the three vulnerabilities are linked below and contain affected platform information.