Microsoft Security Advisory 2416728: ASP.NET could allow information disclosure

MrBrian · Sep 18, 2010

http://www.microsoft.com/technet/security/advisory/2416728.mspx
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

ronjor · Sep 20, 2010

Update to Security Advisory 2416728

20 Sep 2010 5:07 PM

We've just updated Microsoft Security Advisory 2416728 as we've begun to see limited attacks with the ASP.NET vulnerability. We have added questions and answers and encourage customers to review this information and evaluate it for their environment.

We have also added additional technical questions and answers to the Security and Defense blog, which has previously discussed the issue. Additional and expanded questions will also be added to Scott Guthrie's blog shortly.
Click to expand...

http://blogs.technet.com/b/msrc/archive/2010/09/20/update-to-security-advisory-2416728.aspx

ronjor · Sep 24, 2010

Hi everyone -

We've updated Microsoft Security Advisory 2416728 to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring. This can be done using URLScan, a free tool for Internet Information Services (IIS) that can selectively block requests based on rules defined by the administrator. If your system is running Internet Information Services (IIS) on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7, or Windows Server 2008 R2, you can alternatively use the Request Filtering feature.
Click to expand...

Microsoft

Log in or Sign up

Microsoft Security Advisory 2416728: ASP.NET could allow information disclosure

MrBrian Registered Member

ronjor Global Moderator

ronjor Global Moderator

Log in or Sign up

Microsoft Security Advisory 2416728: ASP.NET could allow information disclosure

MrBrian Registered Member

ronjor Global Moderator

ronjor Global Moderator

Useful Searches