Microsoft releases security update outside of Patch Tuesday

Microsoft has stuck with releasing new patches for its various software products on Tuesday in 2011. That is until this week, Microsoft had yet to release a software patch outside of its normal pattern. That ended on Thursday. PCWorld.com reports that Microsoft tripped up its perfect record by releasing a quick patch for its ASP.NET web application program.

The patch, MS11-100, was designed to combat a flaw that was discovered in a number of web applications programs that, if exploited, could bring a web server down with relative ease.

Microsoft released the patch very quickly. In a statement, Dave Forstrom, the director for Microsoft Trustworthy Computing, said that Microsoft was unaware of any cyber attack against an ASP.NET-based program. However, he said that the exploit was severe enough that the company wanted to get a patch out before the normal Tuesday release date. Users of ASP.NET should download and install the patch as soon as possible.

Microsoft has now officially released 100 security bulletins for its products in 2011, which is slightly lower than the 106 bulletins it released in 2010.

Report a problem with article
Previous Story

TechSpot: The Year in Tech - 2011 Most Relevant Stories

Next Story

OWS trying to make a new Facebook for the 99%

9 Comments

Commenting is disabled on this article.

Wonder if this in any way relates to the WP7 parse error exploit.

Rumour was that parse exploit on the phone was deeper in the .net stack than just the phone and affected asp.net, silverlight, and others.

dotf said,
Wonder if this in any way relates to the WP7 parse error exploit.

Rumour was that parse exploit on the phone was deeper in the .net stack than just the phone and affected asp.net, silverlight, and others.

I was wondering the same thing.

dotf said,
Wonder if this in any way relates to the WP7 parse error exploit.

Rumour was that parse exploit on the phone was deeper in the .net stack than just the phone and affected asp.net, silverlight, and others.

It's a bug, not an exploit. Typing a random string is NOT exploiting anything, that doesn't even require effort.

It's better to have the patch released as quick as possible than waiting until the next "Patch Tuesday", in my opinion.

Jimmy422 said,
It's better to have the patch released as quick as possible than waiting until the next "Patch Tuesday", in my opinion.

For something like a severe 0 Day exploit like this, absolutely

I only found about about this exploit yesterday, and when I finished reading the article about it, Paul Thurrott popped up on my twitter feed saying that a patch was available

That's a good turn around time

Jimmy422 said,
It's better to have the patch released as quick as possible than waiting until the next "Patch Tuesday", in my opinion.

I totally agree. I don't see the need for patch Tuesday in the first place. If they have any patch, they should release it immediately so people can update and protect themselves.