Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST.
The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. While we’re currently unaware of any attacks targeting ASP.NET, we encourage all customers to test and deploy the update when it is available.
We will also hold a special edition webcast on Thursday, December 29 at 1 p.m. PST. Click here to register.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Microsoft Trustworthy Computing