Out of band update today

On December 30, 2011, in Uncategorized, by

So tonight on your wsus MS11-100 sync’d up.  An out of band .net update.

http://blogs.technet.com/b/msrc/archive/2011/12/29/microsoft-releases-ms11-100-for-security-advisory-2659883.aspx

On workstations I see no need to rush here.  In fact I see low risk if you decide to pass on this update.

On servers, unless it’s a public facing web server, I’m not seeing a huge rush either. 

For anyone running high targeted cloud servers, you not only need to be concerned about .net but ruby, java and apache patching as well as this is a hash table denial of service for lots of web servers.

But for us normal folks…. this is not an out of band that I would be freaking out over.

 

4 Responses to Out of band update today

  1. Niklas says:

    Thank you for the information. Is this patch needed for a website with static html pages running on WS2008 R2?

  2. bradley says:

    http://blogs.technet.com/b/msrc/archive/2011/12/30/december-2011-out-of-band-security-bulletin-webcast-q-amp-a.aspx

    *Q: If the main target is Internet facing systems with IIS & ASP.NET installed, should I concentrate on patching my webservers first before patching client systems?**
    A:* Prioritization for this update would be specific to users’ environments, but servers that are internet-facing and accept input from unauthenticated or untrusted user-provided content are most affected and should be prioritized. Likewise, clients are typically not in a web server role, and so systems that are running a web server role should be prioritized.

    Do you use asp.net and forms based authentication?

  3. Niklas says:

    Thanks Susan for the answer. We don’t use asp.net and forms based authentication.

  4. After installing the patches for this on Windows Server 2008, the Perfmon counters for Asp.NET Applications -> Requests/Sec and Request Execution Time have stopped functioning.