Microsoft has posted advance notification that it will post an out-of-band security bulletin for Windows later today.US-CERT is quoting the Microsoft SharePoint Team as saying the bulletin will fix a recently reported vulnerability in ASP.NET that could allow an attacker to access sensitive information data (CVE-2010-3332).
Microsoft’s Sept 17 advisory “Vulnerability in ASP.NET Could Allow Information Disclosure” is here.
The fix affects nearly all releases of Microsoft Windows:
— Windows XP Service Pack 3
— Windows XP Professional x64 Edition Service Pack 2
— Windows Server 2003 Service Pack 2
— Windows Server 2003 x64 Edition Service Pack 2
— Windows Server 2003 with SP2 for Itanium-based Systems
— Windows Vista Service Pack 1 and 2
— Windows Vista x64 Edition Service Pack 1 and 2
— Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
— Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
— Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
— Windows 7 for 32- and x64-based Systems
— Windows Server 2008 R2 for x64-based Systems and Itanium-based Systems
Update:
Microsoft Security Bulletin MS10-070 – Important
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) here.
Tom Kelchner