Microsoft will be releasing an out of band security patch today to address a flaw in its Windows Server operating systems.
The vulnerability in ASP.NET was reported on September 17 when an attacker used it to view encrypted files on a server and meddle with the data before sending it back.
Now the company is releasing an unscheduled bulletin, rated as important, to fix the issue.
“Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defences and workarounds,” wrote Dave Forstrom, director of Trustworthy Computing at Microsoft, in a blog post.
He also said, whilst Windows desktops were listed as affected, they were only at risk if people used them as web servers as well.
Initially the update will only be available through the Microsoft Download Centre.
“This enables us to get the update out as quickly as possible, allowing administrators with enterprise installations, or end users who want to install this security update manually, the ability to test and update their systems immediately,” added Forstrom.
It will then go out through the usual Microsoft updates route over the next few days.
This article originally appeared at itpro.co.uk
Copyright © ITPro, Dennis Publishing
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.