Tagged: Coding, DotNet, ASP.Net
Last month an alert went out from Microsoft about a severe vulnerability in ASP.Net. A quick workaround was stepped through but the kernal of the issue remained.
I just got this email blast from the DotNetNuke folks (very very nice of them even as I am no longer a Nuke user) about the official patch now being available as direct download AND NOW Windows Update.
I used Windows Update for two side servers today and they were all there correctly; Just use Custom and scan the list of Recommendeds/HighPriorities for ones marked with KB24xxxxxx, you can verify the exact patches by the KnowledgeBase listings on Scott Guthrie's blog post.
No matter your OS, if you run ASP.Net you should get the updates. If money is on the line then of course you have to check the fine print and scan the comments of Guthrie's blog post and do extra testing ASAP in case you are doing some off-kilter code that hits a boundary of the patch.
Here is the email I got from the Nukers...
Now, I haven't used DNN for years, I used it for a company back in v4x and even after getting the lightbulb on its code style and doing more than a few customizations I just had a knock down drag out with one of the core developers who would only do his job if you would publically call him a god rock star (oy, non-profits). With all that I turned away from it in favor of coding to needs instead of shoe-horning. BUT I do appreciate that they didn't lose my email address because quite honestly their alerts have been more timely and digestible than the ones I get from MSDN services. If you like me get all the MS Sec emails but have grown to tune them out... maybe you might want to just sign up with nuke and let them blast you... odd way of doing things but with the last two months of severe issues it has been a saver for me. ;-)
Go get patched!