This post originated from an RSS feed registered with .NET Buzz
by Scott Watermasysk.
Original Post: Vulnerability Update
Feed Title: ScottW's ASP.NET WebLog
Feed URL: /error.aspx?aspxerrorpath=/blog/rss.aspx
Feed Description: ASP.NET and Blogging
Adding a couple lines of code your favorite Global.asax file was an OK for a
quick and immediate patch. However, it is not very realistic for a longer term
patch. Today, Microsoft has released an MSI which will install an
HttpModule into the GAC and adds it to your Machine.Config. This should
effectively patch all of your sites without the need to add any code
yourself.
Microsoft has released an HTTP module that Web site administrators can
apply to their Web server that will protect all ASP.NET applications on the
server against URL canonicalization problems known to Microsoft as of the
publication date. This module, as well as detailed guidance and deployment
information, is available from the Microsoft Download Center.
Previous Topic
