Microsoft came out today with an out-of-band security update for the ASP.NET Padding Oracle Attack Vulnerability. If you didn’t perform the recommended workaround last week (when this vulnerability was disclosed) because you thought the Microsoft update was going to come out soon–well, I think you got lucky today now that the update is out. BUT, I hope your public ASP.NET sites didn’t get exploited during all that time! Now that the update is out, you should look into the following Microsoft Security Bulletin as soon as possible:
http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
Leave a Reply