Microsoft ended the year with a critical security update. Security Update MS11-100 was released to address the issue described in Security Advisory 2659883.
The update resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework.
Update: December 2011 Out-Of-Band Security Bulletin Webcast Q&A
Known Issues
See KB Article 2638420, MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011.
Reminder
When updating .NET Framework, always install the update separately from other updates and follow with a shutdown/restart.
Support
The following additional information is provided in the Security Bulletin:
- The affected software listed has been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.
References
- MSRC: Microsoft releases MS11-100 for Security Advisory 2659883
- TechNet: Microsoft Security Bulletin MS11-100 - Critical
- Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service
- ASP.NET security update is live!