locked
Microsoft Security Bulletin MS10-070 - Important RRS feed

Answers

  • User-234406897 posted

    i have a live website in asp.net3.5.

    Do i need to put this fix? 

    I read on link u gave as below..But i have deployed on 3rd party hosting in that case how do i proceed?

    A) Yes you need to do this patch.

    B) Ask you hosting provider how they are managing this patch release and explain teh serverity. That is one of the problems of having 3rd party hosting in general your site admin does not have control of the server.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, September 29, 2010 6:13 AM

All replies

  • User541108374 posted

    Hi,

    it was detected by a security expert from South America and presented during a security conference.

    Microsoft released a hotfix/patch for it this morning: http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx.

    how it happens..where was the problem etc

    Microsoft didn't put all information in public which is quite understandable as to not expose ideas to people with the wrong intentions. The good thing is just that there's a fix for it.

    Grz, Kris. 

    Wednesday, September 29, 2010 5:11 AM
  • User2060565753 posted

    i have a live website in asp.net3.5.

    Do i need to put this fix? 

     

    I read on link u gave as below..But i have deployed on 3rd party hosting in that case how do i proceed?

     

    What is the impact of applying the update to a live web-server?

    If you apply the update to a live web-server, there will be some period of time when the web-server will be offline (although an OS reboot should not be required). You’ll want to schedule and coordinate your updates appropriately.

    Importantly – if your site or application is running across multiple web-servers in a web-farm, you’ll want to make sure the update is applied to all of the machines (and not just some of them). This is because the update changes the encryption/signing behavior of certain features in ASP.NET, and a mix of patched and un-patched servers will cause that encryption/signing behavior to be incompatible between them.  If you are using a web-farm topology, you might want to look at pulling half of the machines out of rotation, update them, and then swap the active and inactive machines (so that the updated machines are in rotation, and the non-updated ones are pulled from rotation and patched next) to avoid these mismatches.

    Wednesday, September 29, 2010 5:57 AM
  • User-234406897 posted

    i have a live website in asp.net3.5.

    Do i need to put this fix? 

    I read on link u gave as below..But i have deployed on 3rd party hosting in that case how do i proceed?

    A) Yes you need to do this patch.

    B) Ask you hosting provider how they are managing this patch release and explain teh serverity. That is one of the problems of having 3rd party hosting in general your site admin does not have control of the server.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, September 29, 2010 6:13 AM