.NET Tutorials, Forums, Interview Questions And Answers

Patch For ASP.NET Vulnerability Available

Posted By: nmgomes     Posted Date: September 28, 2010    Points: 0   Category :ASP.Net
 

Microsoft has published a Security Advisory (2416728) about a security vulnerability in ASP.NET on Saturday, September 18th. This vulnerability exists in all versions of ASP.NET and was publicly disclosed late Friday at a security conference.

Scott Guthrie has provided information on workarounds (please see Important: ASP.NET Security Vulnerability and ASP.NET Security Vulnerability) to prevent attackers from using this vulnerability against their ASP.NET applications.

To h




More Related Resource Links

Patch for VS 2010 Find and Replace Dialog Growing

  
One of the top reported Microsoft Connect issues with VS 2010 has been an issue with the Find and Replace dialog - which grows 16px each time you use it (which is pretty annoying). The Visual Studio team recently released a patch that fixes this issue. You can download and apply it here. Hope this helps, Scott P.S. A few people reported issues installing the patch if they had an older version of the Silverlight 4 tools installed.  If you see an error message that says you need an update to Visual Studio to support Silverlight 4, you can fix it by installing the latest Silverlight 4 tools release.

Health Analyzer reports "Product / patch installation or server upgrade required." and I can't seem

  
The text of the error is: On server SHAREPOINTSERVER, once all required products and/or patches are installed, perform an upgrade by either running PSConfigUI.exe or by executing the command "PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures". If a former upgrade attempt has failed, you may need to resolve upgrade specific issues before attempting upgrade again. Refer to the upgrade status page (http://sharepointserver:XXXX/_admin/UpgradeStatus.aspx) for information about current and prior upgrade attempts, and to determine issues that may be preventing upgrade from succeeding. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142700". So I went to the server in question and ran the command line quoted in the error message and then I get this error back: Configuration of SharePoint Products failed. Configuration must be performed before you use SharePoint Products. For further details, see the diagnostic log located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS\PSCDiagnostics_....log and the application event log. So fine, I look into the event log and get this: Failed to initiate the upgrade sequence. An exception of type System.IO.IOException was thrown. Additional exception information: Access to the path 'C:\ProgramData\Microsoft\SharePoi

Product / Patch installation or server upgrade required in Health Reporting area

  
Via PSCDiag Log I get ERR Task upgrade has failed with an unknown exception ERR Exeception: Microsoft.SharePoint.Upgrade.SPUpgradeException: Action 4.0.14.0 of Microsoft.SharePoint.Upgrade.SPIiswebsSitewssSequence Failed--->System.DirectoryServices.DirectoryServicesCOMException (0x80070003): The system cannot find the path specified.

Patch Information

  
Hi, I want to install some patches on my client server which are recommended by Microsoft Windows Update. Before that, I want to know whether the patches will affect the SharePoint site or not, and also whether it is safe or not. Can you please suggest a suitable way to do this? Thanks in advance. Regards, Jayashri

Cannot Connect SQLServer 2008 with the provider SQLNCLI... Is there any SQL Server 2008 patch to sup

  
We have a program which was developed under SQL Server 2005. In the program, the provider of the connect string is hard coded as "SQLNCLI". It runs OK on SQL Server 2005. Now, for some reasons, this program must run under SQL Server 2008 (x64). But our program cannot access the SQL Server. We checked the reason and found that, in SQL Server 2008, SQLNCLI is changed to SQLNCLI10, which causes our program to fail to run. So I want to ask, is there any patch for SQL 2008 so that the legacy program can access SQL Server normally with SQLNCLI WITHOUT rebuilding a new version?

Alleged Padding Oracle vulnerability in ASP.NET

  
Can anybody direct me to an official response from Microsoft to the recently identified, and highly exaggerated and sensationalised, Padding Oracle / AES cookie encryption vulnerability which allegedly affects various platforms including Java, Ruby on Rails, and ASP.NET? http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310 As far as I can tell, this issue is not as serious on any of the affected platforms as the regurgitated suggestions in the hyped articles seem to imply. Data is only compromised if developers are careless enough to . And despite all the headlines mentioning banking and singling-out ASP.NET, websites where security is that important should all be using HTTPS. One highly sensationalised headline and article about this, which only mentioned ASP.NET, has been picked-up and distributed and repeated prolifically. And sensationalist hype is a good way to get people to click on and share a link to your website. However, as fun and trendy as it may be to try and find reasons to criticise Microsoft technology, it is also dangerous and irresponsible when doing so overlooks or neglects to mention other platforms affected by the same type of vulnerability. Nevertheless, it's reassuring to know that potential issues in MS technology are quickly flagged and hard to miss, because they attract so much publicity.

ASP.NET Security Vulnerability and SharePoint 2007 (Microsoft Security Advisory (2416728))

  

With the recent security advisory issued by Microsoft for all ASP.NET applications it was highlighted by Scott Gu that SharePoint applications are at risk also. Scott provided a link to a script which would run on your web-server  to determine if there are ASP.NET applications installed on it and if it was vulnerable or not. I ran this script on my SharePoint server and noticed the following web.config files highlighted as being vulnerable:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\layouts\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\images\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\isapi\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\web.config

Could I follow the instructions provided by Microsoft in the alert and modify these files? If not, how do I protect my web applications from this threat or are they at risk at all?
 


Important: ASP.NET Security Vulnerability

  
A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET. This vulnerability exists in all versions of ASP.NET. This vulnerability was publicly disclosed late Friday at a security conference. We recommend that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications. What does the vulnerability enable? An attacker using this vulnerability can request and download files within an ASP.NET Application like the web.config file (which often contains sensitive data). An attacker exploiting this vulnerability can also decrypt data sent to the client in an encrypted state (like ViewState data within a page...(read more)

ASP.NET Security Vulnerability Error Handling Project Part 3

  
In ASP.NET Security Vulnerability Error Handling Project Part 1, we discussed implementing a project that utilizes the suggestions made in Scott Guthrie's post on ASP.NET Security Vulnerability. Even after Microsoft releases a patch for this security vulnerability, this working project will still be valuable for generating your error messages and sending emails. I showed how to set up the web.config file, add the sleep delay, and optionally display the error to the screen for developer debugging...(read more)

ASP.NET Security Vulnerability Error Handling Project Part 2

  
In ASP.NET Security Vulnerability Error Handling Project Part 1, we discussed implementing a project that utilizes the suggestions made in Scott Guthrie's post on ASP.NET Security Vulnerability. Even after Microsoft releases a patch for this security vulnerability, this working project will still be valuable for generating your error messages and sending emails. I showed how to set up the web.config file, add the sleep delay, and optionally display the error to the screen for developer debugging...(read more)

ASP.NET Security Vulnerability Error Handling Project Part 1

  
After having read Scott Guthrie's post on ASP.NET Security Vulnerability, I decided to take my existing error handling code, update it with his suggested sleep delay, and put it into a separate VB.NET Visual Studio project to share with others. In my project, you may optionally display the details of the error on the page if you update the code to set the debug flag to true, for instance, if the developer is logged in. I also send the error message and site specific details to the developer via...(read more)

How to protect SharePoint servers from the ASP.NET vulnerability

  
On Friday an ASP.NET vulnerability was announced at an Argentine security conference, Microsoft posted Security Advisory 2416728 within a few hours, and by early Saturday morning Scott Guthrie described steps to mitigate ASP.NET sites against the vulnerability. Scott also posted a FAQ about the vulnerability that describes steps being taken towards a permanent solution, and how to detect attacks by monitoring server logs. Monday the SharePoint Products and Technologies team posted Steps to protect...(read more)

Update on ASP.NET Vulnerability

  
Earlier this week I posted about an ASP.NET Vulnerability, and followed this up with another blog post that covers some Frequently Asked Questions about it. We are actively working on releasing a security update that fixes the issues, and our teams have been working around the clock to develop and test a fix that is ready for broad distribution across all Windows platforms via Windows Update. I'll post details about this once it is available. Revised Workaround and Additional URLScan Step In my first blog post I covered a workaround you can apply immediately on your sites and applications to prevent attackers from exploiting it. Today, we are revising it to include an additional defensive measure. This additional step can be done...(read more)

Frequently Asked Questions about the ASP.NET Security Vulnerability

  
Two days ago I published an important blog post about a security vulnerability in ASP.NET. In it I discussed a workaround that we recommend customers use to help prevent attackers from using the vulnerability against your applications. Below are answers to some common questions people have asked since then about the vulnerability. Is Microsoft going to release an update to fix the vulnerability? Yes. We are working on an update to ASP.NET that we will release via Windows Update once it has been thoroughly tested and is ready for broad distribution. Until the update is available, we will also publish details on workarounds (like the one described in this post) that can be applied immediately to help protect against the vulnerability...(read more)

Get the ASP.NET Patch Now

  
Hey folks, the permanent fix has been released for the ASP.NET vulnerability. Download and install your copy now before the bad guys mess with your Web server and its sites! http://support.microsoft.com/kb/2416472...(read more)

Fix available to protect SharePoint servers from ASP.NET vulnerability

  
Today the fix shipped to remedy a cryptographic ASP.NET vulnerability. The update is listed as Important, and it is strongly recommended that this security update be applied to all IIS servers including those hosting SharePoint and other ASP.NET applications. Though the greater risk is to public-facing servers, all servers should be protected. The fix was announced as a Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx A webcast will be held this afternoon to describe...(read more)