Microsoft Releases First and Only Out-of-Schedule Patch of 2011

rated by 0 users
This post has 1 Reply | 0 Followers

Top 10 Contributor
Posts 26,802
Points 1,212,910
Joined: Sep 2007
News Posted: Fri, Dec 30 2011 10:30 AM

Microsoft came ever-so-close to ending the year without a single unscheduled patch outside of its monthly Patch Tuesday routine, but in the end, three "Critical" vulnerabilities found in its .NET Framework prompted the Redmond software giant to take action immediately. Left unpatched, the flaws could allow for the elevation of privileges if an unauthenticated attacker sends a specially crafted Web request to the target site, Microsoft said.

"An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name," Microsoft explained in a security bulletin (MS11-100).

The update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5. Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Windows, including Windows 7.

On the plus side, we installed the updates on a Windows 7 machine and were not prompted to restart our PC.

  • | Post Points: 20
Top 50 Contributor
Posts 2,865
Points 29,645
Joined: Mar 2011
Location: United States, Connecticut

I am surprised that this patch is not a server side fix. Microsoft must have decided that this was a insanely important fix to get out for them to release this off schedule. I sort of want to applaud them for trying to keep the security as high as possible.

  • | Post Points: 5
Page 1 of 1 (2 items) | RSS