Microsoft Issues Emergency Patch for ASP.Net Flaw

Kara Reeder

Following an admission last week that a vulnerability in ASP.Net's encryption was being actively exploited, Microsoft has delivered an emergency patch, reports Computerworld.


As the MS10-070 update points out, the vulnerability could be exploited to allow information disclosure and data tampering. The update also notes:

Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.

According to, the update will not be immediately available through Automatic Updates, but rather through the Download Center. As Microsoft told IDG News Service:

This is the first time we've released [an] update this way, but due to the nature of the active attacks and the severity of the potential loss of data, we are releasing the security update to the Microsoft Download Center first so customers (specifically large enterprises, hosting providers, and ISVs) can begin updating their systems.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making


SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data