Update: Microsoft Issues Out-of-Band Security Update to address ASP.NET Vulnerability--SharePoint Vulnerable to Oracle Padding Attack

Update:
MIcrosoft's ASP.NET Security update now available:
To read the Microsoft Security Bulletin MS10-070 - Important
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) go to the Microsoft website.

From a SharePoint-related FAQ in Scott Guthrie's blog (ScottGu) entry at Microsoft titled "ASP.NET Security Update Now Available":
"Does this update work with SharePoint?"
"Yes. We have not found any issues in testing SharePoint with this security update. You should install it on SharePoint servers to ensure that they are not vulnerable."

From Microsoft TechNet webinar with Dave and Duncan on 9/28/10:
"Will SharePoint be affected?"
"It is affected but you don't need to do anything beyond applying the security update."
"Will there be a specific patch for SharePoint?"
"No."
"The products using ASP.Net will be protected after this update is installed. If you have Exchange or SP, alll you need is this update."

See also the post from the SharePoint Product team blog.

Earlier:
The Microsoft SharePoint Product Group blog has updates about the recent security vulnerability involving ASP.Net. Note the 9/22/10 update. They also offer a workaround and a warning.

If you're interested in learning more about the oracle padding attack, Paul Robichaux, Exchange expert at Windows IT Pro magazine offers a detailed article that's worth a look.

Please or Register to post comments.

What's SharePoint Pro: By Admins, Devs, Industry Observers?

SharePoint admins, devs, and industry observers offer SharePoint tips, tricks, how-to's, and, of course, opinion and humor.

Upcoming Training

SharePoint and Business Intelligence: How to Manage the BI Nirvana

Wednesday, August 27th

In this interactive online training event you'll learn how your users can benefit from Microsoft's latest reporting technologies and how you can better manage the challenges of BI and SharePoint.

Enroll Now and SAVE 15%
View All Online Training

Upcoming Conferences

Register now to get the best rates available!

Recent Tweets

 

Sponsored Events & Resources

Events & Resources

Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×