Microsoft Releases Out-of-band Security Patch for .NET Vulnerability

Before closing of 2011 Microsoft Corp. released its 100th security update which is being viewed as a rare out-of-band update.

Termed as MS11-100, the update has been made available on Thursday which is surprisingly few days before their regular Patch Tuesday release.

The update has been rated as Critical for a Denial of Service (DoS) vulnerability and the post specifically praises the team behind this update, the ASP.NET team for this "holidays heroics".

Four patches have been made available through the update which affected the Microsoft .NET Framework in a number of supported versions of Windows operating system that includes Windows Server 2003, Windows XP SP3, Windows 7, Windows Vista, Windows Server 2008 and also 2008 R2.

The unpatched systems might allow cyber attackers to "take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands."

The latest MS11-100 update will be made available without any intervention of the user with those machines which have their Automatic Updates option on. Manual update is also possible in case automatic updates are turned off.

Andrew Storms, director of security operations at nCircle, commented, "Microsoft has obviously been working overtime through the Christmas holiday to deliver an out-of-band patch for the DoS bug", reported CRN.