
Out Of Band: Microsoft Security Bulletin Advance Notification for September 2010


ronjor
September 27th, 2010, 04:30 PM
-{ Quote: "Published: September 27, 2010

Microsoft Security Bulletin Advance Notification issued: September 27, 2010

Microsoft Security Bulletin to be issued: September 28, 2010

This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on September 28, 2010. The bulletin addresses a security vulnerability in all supported releases of Microsoft Windows.

This bulletin advance notification will be replaced with the September bulletin summary on September 28, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the out-of-band bulletin on September 28, 2010, at 1:00 PM Pacific Time (US & Canada). Register now for the September 28, 1:00 PM webcast. Afterwards, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information." }-https://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx

ronjor
September 27th, 2010, 08:30 PM
-{ Quote: "Out of Band Release to Address Microsoft Security Advisory 2416728

Hello -

Today we provided advance notification to customers that we will release an out-of-band security update to address the vulnerability discussed in Security Advisory 2416728. The update is scheduled for release tomorrow, Tuesday, September 28, 2010 at approximately 10:00 AM PDT. The bulletin has a severity rating of Important and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework when used on Windows Server operating systems. Windows desktop systems are listed as affected, but consumers are not vulnerable unless they are running a Web server from their computer.

Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds." }-Microsoft (http://blogs.technet.com/b/msrc/archive/2010/09/27/out-of-band-release-to-address-microsoft-security-advisory-2416728.aspx)

ronjor
September 28th, 2010, 02:18 PM
-{ Quote: "Microsoft Security Bulletin MS10-070 - Important

Version: 1.0
General Information
Executive Summary

This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.

This security update is rated Important for all supported editions of ASP.NET except Microsoft .NET Framework 1.0 Service Pack 3. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by additionally signing all data that is encrypted by ASP.NET. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2416728.

Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Known Issues. Microsoft Knowledge Base Article 2418042 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues.
Affected and Non-Affected Software

The following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle." }-https://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
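
The bulletin quoted above says the update works by additionally signing all data that ASP.NET encrypts. The general encrypt-then-MAC pattern behind that idea is sketched below as an added example; it is not part of the original posts and is not Microsoft's or ASP.NET's code. The `SignedBlob` class, its method names and the blob layout are hypothetical, and .NET 6 or later is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed demo keys and payload; real keys come from protected configuration.
byte[] encKey = RandomNumberGenerator.GetBytes(32), macKey = RandomNumberGenerator.GetBytes(32);
byte[] blob = SignedBlob.Protect(Encoding.UTF8.GetBytes("role=user"), encKey, macKey);
Console.WriteLine(SignedBlob.TryUnprotect(blob, encKey, macKey, out var plain)
    ? "intact: " + Encoding.UTF8.GetString(plain) : "intact: rejected");
blob[20] ^= 0x01; // simulate tampering with one ciphertext byte
Console.WriteLine(SignedBlob.TryUnprotect(blob, encKey, macKey, out _)
    ? "tampered: accepted" : "tampered: rejected");

// Hypothetical helper illustrating encrypt-then-MAC (not ASP.NET's implementation).
static class SignedBlob
{
    const int IvLen = 16, TagLen = 32; // AES block size, HMAC-SHA256 output size

    // AES-CBC encrypt, then HMAC-SHA256 over IV || ciphertext.
    // Output layout: IV || ciphertext || tag.
    public static byte[] Protect(byte[] plain, byte[] encKey, byte[] macKey)
    {
        using var aes = Aes.Create(); // defaults: CBC mode, PKCS7 padding, random IV
        aes.Key = encKey;
        using var enc = aes.CreateEncryptor();
        byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
        byte[] blob = new byte[IvLen + ct.Length + TagLen];
        aes.IV.CopyTo(blob, 0);
        ct.CopyTo(blob, IvLen);
        using var mac = new HMACSHA256(macKey);
        mac.ComputeHash(blob, 0, IvLen + ct.Length).CopyTo(blob, IvLen + ct.Length);
        return blob;
    }

    // Verify the tag in constant time BEFORE decrypting, so a modified blob never
    // reaches the padding check and every failure looks the same to the caller.
    public static bool TryUnprotect(byte[] blob, byte[] encKey, byte[] macKey, out byte[] plain)
    {
        plain = Array.Empty<byte>();
        if (blob.Length < IvLen + 16 + TagLen) return false; // IV + one block + tag
        int bodyLen = blob.Length - TagLen;
        using var mac = new HMACSHA256(macKey);
        byte[] expected = mac.ComputeHash(blob, 0, bodyLen);
        if (!CryptographicOperations.FixedTimeEquals(expected, blob.AsSpan(bodyLen))) return false;
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.IV = blob.AsSpan(0, IvLen).ToArray();
        using var dec = aes.CreateDecryptor();
        plain = dec.TransformFinalBlock(blob, IvLen, bodyLen - IvLen);
        return true;
    }
}
```

The separate MAC key and the single uniform failure result are the parts that matter: the caller cannot distinguish a bad signature from any other rejection.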