共用方式為

Out of Band Release to Address Microsoft Security Advisory 2416728

  • 發行項

imageToday we provided advance notification to customers that we will release an out-of-band security update to address the vulnerability discussed in Security Advisory 2416728. The update is scheduled for release tomorrow, Tuesday, September 28, 2010 at approximately 10:00 AM PDT. The bulletin has a severity rating of Important and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework when used on Windows Server operating systems. Windows desktop systems are listed as affected, but consumers are not vulnerable unless they are running a Web server from their computer.

For all the details see the Microsoft Security Response Center post here.

J.C. Hornbeck | System Center Knowledge Engineer

The App-V Team blog: https://blogs.technet.com/appv/
The WSUS Support Team blog: https://blogs.technet.com/sus/
The SCMDM Support Team blog: https://blogs.technet.com/mdm/
The ConfigMgr Support Team blog: https://blogs.technet.com/configurationmgr/
The OpsMgr Support Team blog: https://blogs.technet.com/operationsmgr/
The SCVMM Team blog: https://blogs.technet.com/scvmm/
The MED-V Team blog: https://blogs.technet.com/medv/
The DPM Team blog: https://blogs.technet.com/dpm/
The OOB Support Team blog: https://blogs.technet.com/oob/
The Opalis Team blog: https://blogs.technet.com/opalis

clip_image001 clip_image002

Comments

  • Anonymous
    September 27, 2010
    I didn't see if reboots will be required.
  • Anonymous
    September 28, 2010
    I've updated my WSUS server several times since 10AM and I don't see this particular update. I see serval others 2362765, 2158563, etc but not 2416728.  What gives?
  • Anonymous
    September 28, 2010
    @RobertMS10-070 isn't distributed via WSUS/WU/AU at the moment, it's only availlable via DownloadCenter right now. As the linked MSRC blog posting states, it's intended to be distributed via WSUS/WU/AU "within the next view days" - whatever the exact timeframe will be.
  • Anonymous
    September 29, 2010
    If this issue is important enough for an Out Of Band Release then why is it not important enough to be in WSUS/WU/AU in a timely manner?
  • Anonymous
    September 29, 2010
    Ottmar, Thanks for the clarification.  But I'm with Eric and probably lots of other admins who just naturally assumed this would be in WSUS on Tuesday at 10 AM PT.   Several updates were released, including some that required reboots so would have nice to get it all over at once.
  • Anonymous
    September 29, 2010
    Since there's no further official word yet from MS about the backgriound for not distribution MS10-070 via the WU/WSUS channels, it's all about speculation. Patching their servers first and/or a complicated detection mechanism to get the potentially affected systems may play a role.As the bulletin itself states in the FAQ section: "These updates will also be provided through our other standard distribution methods once testing has been completed to ensure distribution will be successful through these channels."