ACTION REQUIRED Latest ASP.NET Vulnerability (Advisory #2416728) Affects SharePoint 2010

Monday, September 20, 2010 5:59 PM

You might have heard by now about the latest security advisory for ASP.NET (#2416728) that many folks are talking about. It involves the being able to request and download files via the web.config file. Scott Guthrie’s blog post as well as the advisory discuss how to address the issue.

This issue also affects SharePoint because it is an ASP.NET application. Microsoft has recently blogged that it affects SharePoint and the workaround should be applied ASAP on every single SharePoint WFE server. Check the SharePoint team blog post for details.

» TechNet: Security Advisory 2416728 » Scott Guthrie: Important: ASP.NET Security Vulnerability » SharePoint Team Blog: Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint

comments powered by Disqus