Microsoft Security Bulletin MS06-033 - Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

This vulnerability in ASP.NET 2.0 web applications allows an attacker to access by bypass ASP.NET security and request files from application folders if the attacker knows the specific name of the file. If successful this would like provide the attacker with sensitive information about the application’s inner workings which the attacker to could leverage in further attacks on the application. Application folders are named “App_*”. The mitigating factors and viable workarounds published in this bulletin will allow most of you to defer installation of this update until you can fully test it with your applications.

Get this valuable commentary each month as soon as Microsoft releases security updates!

Free log parser scripts, a clear explanation of Microsoft's latest security bulletin, helpful security tips, how-to's and more.

Upcoming Webinars by Randy Franklin Smith

Managing File Permissions on Windows Server: There's More Than Meets the Eye

Anatomy of a Hack: Tracking an Intruder with Security Logs

Additional Links

A
D
V

Sick of LimitLogin? Get UserLock for real logon control

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit