Fix ASP. NET Security Vulnerability

Just a few moments ago we posted new information and guidance related to the reported ASP. NET security vulnerability. This includes des several pieces.

1) We updatedHttp://www.microsoft.com/security/incident/aspnet.mspxWith new information about the reported vulnerability. this shoshould help clear up some of the confusion we 've ve seen about what is affected by the reported issue. to be super clear, customers with any ASP. net deployments, on all OS's shoshould follow the guidance provided.

2) We released a new HTTP module mitigation best practice. this is in the form of an MSI installer that will help protect all ASP. NET applications on a Web server. this MSI installer will place a binary into the GAC and update the machine. config File for ASP. net. download informationHttp://www.microsoft.com/downloads/details.aspx? Familyid = da77b852-dfa0-4631-aaf9-8bcc6c743026 & displaylang = en

One can also download the MSI directlyHttp://download.microsoft.com/download/4/6/1/461433d5-cbac-4721-85cb-c5a514fd0049/VPModule.msi

3) We have posted detailed guidance about the HTTP module, how the MSI works, and how to deploy it. You can find this KB articleHttp://support.microsoft.com /? Kbid = 887289

We will continue to update the Microsoft.com security incident page as new information/guidance becomes available so please let your MERs know to check back often for new information. we will also continue to monitor the www.asp.net forums for customer questions.

 

Http://www.microsoft.com/security/incident/aspnet.mspxFor more information.

 

Ms is determined to do better and more importantCommunity. Good news, good day :)