An hour ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address the ASP.NET Security Vulnerability that I’ve blogged about this past week. The security update is fully tested, and is scheduled for release tomorrow – Tuesday September 28th – at approximately 10:00 AM PDT. The advance notice bulletin is intended to ensure administrators know it is coming, and are better prepared to apply it once the update is available.
We’ll release the update tomorrow via the Microsoft Download Center (I’ll blog links to the individual downloads for each version of .NET). We will then release the update via Windows Update and the Windows Server Update Service in a few days as we complete final distribution testing via these channels.
Applying the update addresses the ASP.NET Security vulnerability, and once the update is applied to your system the workarounds we have previously blogged about will no longer be required. Until you have installed the update, though, please do make sure to continue using the workarounds.
You can learn more about tomorrow’s security update release from this Microsoft Security Response Center Blog Post as well as the official Advance Notification Bulletin. We will also hold a special webcast for the bulletin release on Tuesday, September 28, 2010 at 1:00 PM PDT, where we will present information on the bulletin and take customer questions. If you are interested in attending the webcast, click here to sign up.
Thanks,
Scott