Microsoft Releases Emergency Patch for .NET Hole

Written by Alan Thursday, 29 December 2011 06:31

net logo1 Microsoft Releases Emergency Patch for .NET Hole

Although 100 is a nice round number, that’s probably not the reason Microsoft pushed out a patch for Windows right in the middle of a holiday week.  When a fix suddenly appears, and it’s not “Patch Tuesday”, it usually means something very bad has been found somewhere in Windows, and in this case it’s in the .NET Framework.  A hole was discovered within .NET that has been rated as “Critical” because of a Denial of Service vulnerability.

The patch, MS11-100, also address 3 other security holes that had been found in the software.  The release of the patch was announced last night via a post at the Microsoft security blog.  The announcement reads, in part:

Yesterday evening, we published an Advanced Notification alerting customers to a new out-of-band security update planned to be released today. The notification listed the update as addressing a Critical Elevation-of-Privilege vulnerability, leading to several questions from customers who expected the bulletin addressing a Denial-of-Service vulnerability to be rated Important.

Before hearing about this vulnerability, we had planned to release a .NET security update addressing three vulnerabilities, one of which was a Critical elevation-of-privilege vulnerability. When this vulnerability notification arrived a few weeks ago, the ASP.NET team included the fix into the update already being developed and tested. So the bulletin today addresses four vulnerabilities, one of which is the ASP.NET Denial-of-Service vulnerability presented yesterday. You can read more about the other vulnerabilities in the Security Bulletin and we also invite you to join us for a webcast at 1:00 p.m. PST today (Dec 29) where we will describe the vulnerabilities and answer your questions live “on the air.” You can sign up for the webcast here.”

The update was was pushed out today to all machines with Windows update enabled.  The fix is for virtually all active versions of Windows, which consists of Windows XP SP3, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 and 2008 R2.

windows update patches1 Microsoft Releases Emergency Patch for .NET Hole

h solidpurple Microsoft Releases Emergency Patch for .NET Hole
If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Microsoft Releases Emergency Patch for .NET Hole

Alan

Alan is the owner and editor of Making Windows Easy. In addition to writing about technology he is also an avid distance runner and hiker. Read More

More Posts - Website - Twitter - Facebook

Related posts:

  1. Patch Tuesday for 1-12-2010
  2. Microsoft Office Malware Alert
  3. Microsoft Releases Security Advisory 2588513 for SSL
  4. Windows Security No Longer as Vulnerable as You Think
  5. Microsoft Releases Windows Defender Offline Beta
This entry was posted on Thursday, December 29th, 2011 at 6:31 pm and is filed under Microsoft, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply