{"id":792,"date":"2012-01-05T23:02:31","date_gmt":"2012-01-05T23:02:31","guid":{"rendered":"http:\/\/tech-no.104.210.61.21.xip.io\/?p=792"},"modified":"2012-01-05T23:02:31","modified_gmt":"2012-01-05T23:02:31","slug":"microsoft-releases-patch-for-hashdos-vulnerability","status":"publish","type":"post","link":"https:\/\/tech-no.org\/?p=792","title":{"rendered":"Microsoft releases patch for HashDos Vulnerability!"},"content":{"rendered":"

\"\"<\/a><\/p>\n

I received this in an email on the 29th of December: http:\/\/app.en25.com\/e\/es.aspx?s=2580&e=21873&elq=632ae2cdc0414364b170127ab46617ec<\/a><\/p>\n

in case the link is broken, here is the text:<\/p>\n

ALERT: Microsoft Releases Patch for HashDos Vulnerability
\n<\/strong><\/span>December 29, 2011<\/p>\n

Happy almost New Year! In response to some recent developments around a known vulnerability targeting .NET, Microsoft made the bold decision to issue an out-of-band patch to address the issue. We\u2019ve provided a quick look at the bulletin below. For an in-depth look at the background of this flaw as well as the up to date version of Retina you can use to identify if you have vulnerable systems, you\u2019ll want to check out the eEye Blog<\/a>. We\u2019ll be providing updates on this development for as long as we need to ensure the security community stays informed.<\/p>\n

Microsoft Security Bulletin MS11-100 <\/strong>
\nVulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
\nBulletin: http:\/\/technet.microsoft.com\/en-us\/security\/Bulletin\/MS11-100<\/a>
\nSeverity: Critical
\neEye Recommendation: Patch Immediately<\/p>\n

Interestingly, this patch covers not only the publicly disclosed \u201cHashDos\u201d vulnerability, but an additional three privately reported vulnerabilities in Microsoft .NET Framework. They all carry the potential for privilege escalation. As mentioned before, this is the first time in 2011 that Microsoft has released a patch outside of their typical Patch Tuesday release cycle. One could assume that this patch was to be part of an upcoming release cycle, and publicly disclosed attack methods being discussed online in the last few days may have forced their hand.<\/p>\n

Stay Up to Date on This Issue<\/strong>
\nBe sure to check back in at the eEye Blog<\/a> for new developments around this vulnerability and security bulletin, as well as updated product information on identifying and protecting vulnerable systems.<\/p><\/blockquote>\n

 <\/p>\n

here are some other links for your reading pleasure:<\/p>\n

Microsoft Security Bulletin MS11-100 – Critical<\/h1>\n

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)<\/h2>\n

http:\/\/technet.microsoft.com\/en-us\/security\/Bulletin\/MS11-100<\/a><\/p>\n

Article ID: 2659968 – Last Review: December 29, 2011 – Revision: 1.0<\/div>\n

Deployment guidance for security update 2638420, as described in MS11-100<\/h1>\n

http:\/\/support.microsoft.com\/kb\/2659968<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

As a side note, it looks like Microsoft is taking this seriously, we received a call directly from Microsoft to our CIO to let us know of the patches availability.\u00a0 If i were you, i would get it installed. The patches are already in Windows Update, so it is not longer a out of band patch.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

I received this in an email on the 29th of December: http:\/\/app.en25.com\/e\/es.aspx?s=2580&e=21873&elq=632ae2cdc0414364b170127ab46617ec in case the link is broken, here is the text: ALERT: Microsoft Releases Patch for HashDos Vulnerability December 29, 2011 Happy almost New Year! In response to some recent developments around a known vulnerability targeting .NET, Microsoft made the bold decision to issue …<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/792"}],"collection":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=792"}],"version-history":[{"count":1,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/792\/revisions"}],"predecessor-version":[{"id":794,"href":"https:\/\/tech-no.org\/index.php?rest_route=\/wp\/v2\/posts\/792\/revisions\/794"}],"wp:attachment":[{"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech-no.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}