Microsoft ASP.Net OOB Patch

sorry to interrupt the flow of the Making the Web Work for You series, but this is somewhat important. Microsoft issued a patch last week for the outstanding .Net issue that could pose a significant threat to those of you with Internet facing IIS servers. Although all .Net systems are vulnerable, the affected IIS boxes do pose the greatest risk for exploit. For some reason the OOB (out of band) patch is only available through MS Download Center.


IE Zero Day Exploit

If you have not heard, there is a very serious Internet Explorer Zero Day exploit making it's rounds.  How serious?  Serious enough for Microsoft to put forth an Out-of-Band patch for it.  This is very much related to the Google China network compromise that has been in the news recently - this was one of the exploits leverage that gave hackers access to Google's network.  Since then the exploit code has shown up in various places on the Internet where more blackhats and criminals have gotten their hands on it.

While initially an IE 6 exploit, proof of concept code now exists that can target IE 7 - IE 8 appears to be somewhat protected if DEP is still enabled on the system.

This exploit is serious enough where the French and German governments have issued public advisories to it's populace to use an alternate browser like Firefox or Opera.


Page optimized by WP Minify WordPress Plugin