Out of band update today

So tonight on your wsus MS11-100 sync’d up.  An out of band .net update.


http://blogs.technet.com/b/msrc/archive/2011/12/29/microsoft-releases-ms11-100-for-security-advisory-2659883.aspx


On workstations I see no need to rush here.  In fact I see low risk if you decide to pass on this update.


On servers, unless it’s a public facing web server, I’m not seeing a huge rush either. 


For anyone running high targeted cloud servers, you not only need to be concerned about .net but ruby, java and apache patching as well as this is a hash table denial of service for lots of web servers.


But for us normal folks…. this is not an out of band that I would be freaking out over.

4 Thoughts on “Out of band update today

  1. Thank you for the information. Is this patch needed for a website with static html pages running on WS2008 R2?

  2. bradley on December 30, 2011 at 5:53 pm said:

    http://blogs.technet.com/b/msrc/archive/2011/12/30/december-2011-out-of-band-security-bulletin-webcast-q-amp-a.aspx

    *Q: If the main target is Internet facing systems with IIS & ASP.NET installed, should I concentrate on patching my webservers first before patching client systems?**
    A:* Prioritization for this update would be specific to users’ environments, but servers that are internet-facing and accept input from unauthenticated or untrusted user-provided content are most affected and should be prioritized. Likewise, clients are typically not in a web server role, and so systems that are running a web server role should be prioritized.

    Do you use asp.net and forms based authentication?

  3. Thanks Susan for the answer. We don’t use asp.net and forms based authentication.

  4. After installing the patches for this on Windows Server 2008, the Perfmon counters for Asp.NET Applications -> Requests/Sec and Request Execution Time have stopped functioning.

Post Navigation