修复 ASP.NET security vulnerability

Just a few moments ago we posted new information and guidance related to the reported ASP.NET security vulnerability. This includes several pieces.

1) We updated http://www.microsoft.com/security/incident/aspnet.mspx with new information about the reported vulnerability. This should help clear up some of the confusion we've seen about what is affected by the reported issue. To be super clear, customers with any ASP.NET deployments, on ALL OS's should follow the guidance provided.

2) We released a new HTTP Module mitigation best practice. This is in the form of an MSI installer that will help protect all ASP.NET applications on a Web server. This MSI installer will place a binary into the GAC and update the machine.config file for ASP.NET. Download information at http://www.microsoft.com/downloads/details.aspx?FamilyID=da77b852-dfa0-4631-aaf9-8bcc6c743026&displaylang=en

One can also download the MSI directly at http://download.microsoft.com/download/4/6/1/461433d5-cbac-4721-85cb-c5a514fd0049/VPModule.msi

3) We have posted detailed guidance about the HTTP Module, how the MSI works, and how to deploy it. You can find this KB Article at http://support.microsoft.com/?kbid=887289

We will continue to update the Microsoft.com Security Incident page as new information / guidance becomes available so please let your customers know to check back often for new information. We will also continue to monitor the www.asp.net forums for customer questions.

 

http://www.microsoft.com/security/incident/aspnet.mspx for more information.

 

MS立志做得更好，也更加看重社区的力量。不错的新闻，不错的一天:)