ASP.net Security Patch

The Microsoft team has put out a patch for the POET vunerablity in ASP.net.

http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx

This vulnerability allowed access to files on the server. This is very bad considering some of the files on an IIS server are not meant to be shared, in particular the web.config file. Prior to the patch there were some workarounds that would help stop this attack. URLscan modifications and also defining a custom error page.

Leave a Comment