Microsoft To Release Emergency Patch For ASP.Net Flaw

Microsoft is planning to release an out-of-band patch for a critical vulnerability found in its ASP.Net framework more than a week after it was publicly disclosed.

The company said in a security advisory that the vulnerability affects all versions of .NET framework running on Windows Server operating systems.

Consumers that don't run a web server from their computer are not at risk from the vulnerability.

Microsoft has also confirmed that a limited number of attacks using the vulnerability have been reported.

The software patch will be available for download from the Microsoft Download Center, which will allow IT administrators and end users to quickly test their systems and apply the update.

Dave Forstrom of Microsoft explained on the security advisory: “The update will also be released through Windows Update and Windows Server Update Services within the next few days as we test to make sure distribution will be successful through these channels.”