Microsoft releasing an out-of-band security update to address the vulnerability discussed in Security Advisory 2416728 on Sep’28th at approx. 10:00 AM PDT. “The bulletin has a severity rating of Important and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of .NET Framework when used on Windows Server operating systems. Windows desktop systems are listed as affected, but consumers aren’t vulnerable unless they’re running a Web server from their computer,” explained Microsoft.
“Security update is fully tested, but will be made available initially only on Microsoft Download Center. The update will also be released through Windows Update and Windows Server Update Services within next few days as we test to make sure distribution will be successful through these channels. For customers using Automatic Update, this Security Update will automatically be applied once it’s released broadly,” Microsoft added.