Page 1 of 1
ASP.NET security vulnerability
Posted: Sat Sep 18, 2010 9:12 am
by NC Software
Re: ASP.NET security vulnerability
Posted: Sat Sep 18, 2010 4:28 pm
by jmestep
Rats! Neal, I thought I beat you to something for a change.
http://www.microsoft.com/technet/securi ... 16728.mspx
Re: ASP.NET security vulnerability
Posted: Tue Sep 21, 2010 12:16 pm
by Logan Rhodehamel
AC will be OK if you comment out the custom 404 line in our default web.config file. Other than that it's using the same redirect for all errors.
Code: Select all
<customErrors mode="On" defaultRedirect="~/Errors/GeneralError.aspx">
<error statusCode="404" redirect="~/Errors/PageNotFound.aspx" />
</customErrors>
Should become:
Code: Select all
<customErrors mode="On" defaultRedirect="~/Errors/GeneralError.aspx">
<!-- <error statusCode="404" redirect="~/Errors/PageNotFound.aspx" /> -->
</customErrors>
At least until Microsoft fixes the problem.
Re: ASP.NET security vulnerability
Posted: Mon Sep 27, 2010 1:04 pm
by vn2479
Wow. I just downloaded the latest version of AC. Do I need to worry about this? Do I need to make the code change in my web.config file? I'm still learning web security. Much thanks!
Re: ASP.NET security vulnerability
Posted: Tue Sep 28, 2010 8:24 am
by NC Software
Microsoft is releasing a fix later today (9/28). All should do Windows Updates on your servers, etc. to install this security patch when released by Microsoft.
Re: ASP.NET security vulnerability
Posted: Tue Sep 28, 2010 1:05 pm
by NC Software
Re: ASP.NET security vulnerability
Posted: Fri Oct 01, 2010 7:22 am
by NC Software
The security fixes are NOW available via Windows Update. Be sure to update ASAP!