
Microsoft releases out-of-band security update to plug .NET hole

By | December 29, 2011, 11:41am PST

Summary: Just in time for the new year, Microsoft released a rare out-of-band security update, its 100th of the year. The update represents “holiday heroics” for the team that sacrificed Christmas to plug a serious security hole.

No one in Redmond is popping champagne to celebrate the 100th and last Microsoft security update of the year.

MS11-100, released today, is a rare out-of-band security update—one delivered on a Thursday, several weeks ahead of the next regularly scheduled Patch Tuesday release.

The bulletin, described in this blog post, is rated Critical for a Denial of Service (DoS) vulnerability and specifically praises the ASP.NET team for its “holiday heroics”:

Yesterday evening, we published an Advanced Notification alerting customers to a new out-of-band security update planned to be released today. The notification listed the update as addressing a Critical Elevation-of-Privilege vulnerability, leading to several questions from customers who expected the bulletin addressing a Denial-of-Service vulnerability to be rated Important.

Before hearing about this vulnerability, we had planned to release a .NET security update addressing three vulnerabilities, one of which was a Critical elevation-of-privilege vulnerability. When this vulnerability notification arrived a few weeks ago, the ASP.NET team included the fix into the update already being developed and tested. So the bulletin today addresses four vulnerabilities, one of which is the ASP.NET Denial-of-Service vulnerability presented yesterday. You can read more about the other vulnerabilities in the Security Bulletin and we also invite you to join us for a webcast at 1:00 p.m. PST today (Dec 29) where we will describe the vulnerabilities and answer your questions live “on the air.” You can sign up for the webcast here.

The four patched vulnerabilities affect the Microsoft .NET Framework on every supported version of Windows, including Windows XP SP3, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 and 2008 R2. Exploits against unpatched systems could allow an attacker to “take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands.”

The update will be delivered without user intervention to machines that have Automatic Updates turned on. If you prefer not to wait, open Windows Update and check for updates manually. Here’s what it looks like.

Typically, an out-of-band update indicates that the risk of “in the wild” exploits is high, so this update demands immediate attention.


Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.

It would be nice
msalzberg 29th Dec
if, for once, the following posts would acknowledge that Microsoft, like all reputable companies, cares about the security of their software and doing all they can.

It would be nice.
0 Votes
+ -
Nice indeed
klumper Updated - 29th Dec
@msalzberg

Both you and I have our fair share of criticisms when it comes to Microsoft and the MS Way, but their attitude and attention to security today is light years beyond what it once was. If it weren't, the world of computing would be in a far uglier place as we speak.

Criticized as he was for his prioritizations and principles, Jim Allchin's pragmatic decision to release the SEC-based XP SP2 instead of a new OS was one of the wisest moves the company ever made, irrespective of the short-term fallout that came from extending XP's serviceable life and reach.

It gained the company what it was quickly losing in the evolving eco/security sphere: respect. Well needed respect. The kind that alienated, then ameliorated, many who were looking seriously for alternatives and outs from that Swiss cheese fondue called Windows.

Redmond made a similar slick move when it saw - belatedly - the light at the end of the quickly growing WWW, and the advantage of having their own window to that world. In time they hammered together a superior (and *free*) browser [goodbye Netscape]. sad

Ironically, Mozilla - using reforged Netscape bits coined Firefox - would kick them in their complacent keester once again when they fell asleep at the progress switch only a light year or two later.
0 Votes
+ -
I have to agree
Third of Five 29th Dec
@msalzberg I definitely believe in giving credit where it's due--they've taken security very seriously (some might argue a little too seriously in some cases, but that's subject to interpretation) in recent years. Comparing their general attitude now to the days of macro viruses in various Office programs is like comparing summer and winter.

Overall, as much criticism as they get, I do think that when they do something right, it should get attention.
0 Votes
+ -
Otherwise it'll be lawsuit heaven and we don't want that, now do we. wink
0 Votes
+ -
@ScorpioBlue

Let's just give them a golf clap.
0 Votes
+ -
@msalzberg Kind of hard to acknowledge good work when the work is 8 years late and the problem was passed along to newer products.
@wackoae: Kind of hard to acknowledge good work when the work is 8 years late and the problem was passed along to newer products.

I can't find a reference to this effect.
0 Votes
+ -
@wackoae

The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle's Java and Google's V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde.

Andrew Storms, director of security operations at nCircle Security: "I'd have to agree that we all expected vendors to have fixed this by now. On the other hand, there is a lot of research out there and it's not always possible to be on top of everything. It's not as though this kind of attack has been ongoing in the wild since 2003 and everyone refused to fix it."

Microsoft's rush to patch the flaw in ASP .Net hinted at the seriousness of the bug.

"Microsoft will be the one to watch and see if they go out of band and if so, when," Storms said Wednesday night, before Microsoft announced today's patch.

Other programming language developers have already offered fixes to their software.

Some, however, will take their time implementing a fix, said Klink and Walde.

Excerpted source: http://news.idg.no/cw/art.cfm?id=7076A4AF-C45C-A604-D099CC4F83CA0764
@ye Here's another reference:

http://nakedsecurity.sophos.com/2011/12/28/large-percentage-of-websites-vulnerable-to-hashdos-denial-of-service-attack/
"Perl was updated to fix this problem in version 5.8.1, which was released in September of 2003. For some reason most of the other languages did not take the cue from Perl and are still vulnerable to these attacks."
@Rabid Howler Monkey: All I've been able to find is a reference from 2003 to a generic issue with hashing but nothing pointing to a specific flaw in .NET.
0 Votes
+ -
You're almost there
klumper Updated - 30th Dec
@ye
All I've been able to find is a reference from 2003 to a generic issue with hashing but nothing pointing to a specific flaw in .NET.

That IS the issue (flaw), something all these languages share.

From my post above: The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net.

Now re-read RHM's comments.
0 Votes
+ -
@klumper: Your link is dated December 29, 2011. The date of the patch advisory. I want to see some reference from Alexander Klink and Julian Walde dated 2003 which specifically names .NET as being vulnerable. All I can find is a generic reference to hashing algorithms but nothing about a specific implementation. At least not one dating back to 2003. Can you provide one?
0 Votes
+ -
Potential threat 2003 | Realization 2011
klumper Updated - 30th Dec
@ye

From the same article I posted:
Klink and Walde credited another pair of researchers -- Scott Crosby and Dan Wallach -- for outlining the attack vector in 2003, and applauded the Perl programming language for patching its flaw then.

In a security advisory issued the same day [Wednesday, December 28, 2011], Microsoft, whose ASP .Net programming language is one of several affected by the flaw, promised to patch the vulnerability and offered customers ways to protect their servers until it releases an update.


See also:
"Hash collision denial-of-service attacks were first detailed in 2003, but recent research details how these attacks apply to modern language hash table implementations."
http://www.kb.cert.org/vuls/id/903934

I think it can be safely concluded that MS was aware of it like everyone else, but until these latest developments, felt it merited less than full attention.
@klumper: The quotes which have been given reference articles from December 2011. A search on "Scott Crosby and Dan Wallach" results in references to a generic issue about hashing but none of the articles I looked at specifically reference .NET.

So again I ask: Can you provide a reference from 2003 which specifically mentions .NET. I don't want anything dated from December 2011 which references "Scott Crosby and Dan Wallach". I want a specific reference from 2003 which specifically calls out .NET. Can you?
0 Votes
+ -
Perspective
Rabid Howler Monkey 30th Dec
@wackoae A link to the original, 2003, article:

"Denial of Service via Algorithmic Complexity Attacks"
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003/

Perl was among the applications tested in this study and was adversely impacted. Additional applications tested in this study included the Bro intrusion detection system, SQUID web proxy server and Dan Bernstein's DNS server. As Perl was explicitly tested, adversely impacted, and the results of the study were published, fixes were implemented by Perl developers in 2003. Clearly, the developers of applications untested in this study were either unaware of the article or were unconcerned.

In the article's conclusion, it is stated that the smaller address space of IPv4 systems provides some (limited) protection from this type of attack. It also states that the much larger address space of future IPv6 systems will make it much easier for an attacker to find collisions. And given that the last IPv4 address was assigned by IANA earlier this year, perhaps the timing of the current fixes by Microsoft and others is not as bad as some individuals are making it out to be.
0 Votes
+ -
Is this really necessary?
klumper 30th Dec
@Ye
I want a specific reference from 2003 which specifically calls out .NET.

AFAIC, what constitutes the seriousness of any potential threat remains for those whose products are directly affected or involved, in this case Microsoft (et al), to weigh and decide.

No one needs to specifically call out MS (or cite .NET) from 2003, for no other reason than all of this is covered under complicity by mutual association. wink

Again from the article I originally posted:
Can and Ness of Microsoft said that the company "anticipate(s) the imminent public release of exploit code," and urged ASP .Net customers to apply the patch or the workarounds described in the advisory.

AFAICT, with these latest developments (ref Klink and Walde, plus MS quotation above), that same potential threat, first documented in 2003, has now been amplified >> realized >> in 2011.

Sometimes you've got to learn to read between the lines. If not, maybe contact Microsoft direct for the uniquely divine answer you seek. Ask if they were somehow caught unaware of this potentiality all this time, then let us know.

[Or hey, maybe the Perl people are just leagues brighter?]
0 Votes
+ -
Contributor
One of four vulnerabilities
Ed Bott 31st Dec
@wackoae

There were four vulns fixed in this update. One is the HashDOS vuln that was first theoretically identified in 2003 but was not specifically called out until last week.
0 Votes
+ -
@Rabid Howler Monkey
@klumper

Good luck getting through to 'ye'.
For him no reference will be good enough.
0 Votes
+ -
RE: Return_of_the_Jedi.
Joe.Smetona 31st Dec
@ROTJ ... Ever cut the trunk of a Christmas tree and get pine tar on your hands? You can't get away from it very easily.
0 Votes
+ -
RE: One of four vulnerabilities
Rabid Howler Monkey 31st Dec
@Ed Bott wrote:
"One is the HashDOS vuln that was first theoretically identified in 2003 but was not specifically called out until last week."

There was nothing theoretical about the 2003 study for Perl and the other applications tested. The publication of the article effectively "called out" the vulnerability for the Perl devs who promptly included a fix in version 5.8.1. Clearly, other frameworks/languages such as .NET, Ruby, Python did not, for various reasons, connect the dots. From the original, 2003, article's (both referenced and linked above) conclusion:

"As such, we strongly recommend that network packet processing code be audited for these vulnerabilities

And Perl is available for both Windows and Mac OS X (by default). Aren't these the OSs that you *theoretically* cover in your blog?
0 Votes
+ -
It's a hard call
klumper Updated - 31st Dec
@Rabid Howler Monkey

Re the HashDOS vulnerability first theoretically identified in 2003:

I think the only fair way to assess such things - vulnerabilities based on theories or potentialities - would be to know the totality of the numbers involved. If such things were relatively scarce, there would be no excuse not to put in the time and resources necessary to remedy them, regardless of their "applicable" merits to the here and now.

If OTOH they come from every direction - the numbers being something only MS would know, considering the size of their platform - with many being far from practical realization, then one might have to pick and choose when to act in the name of prioritization, based on pragmatic considerations.

Even you conceded: "[P]erhaps the timing of the current fixes by Microsoft and others is not as bad as some individuals are making it out to be." The problem is, we only know so much beyond the fact that they've now decided to act based on these latest developments (realization of the threat from the call out =|= vulnerability from the imminent public release of exploit code).
0 Votes
+ -
Pine tar
klumper Updated - 31st Dec
@Return_of_the_jedi
Good luck getting through to 'ye'. For him no reference will be good enough.

@Joe.Smetona
Ever cut the trunk of a Christmas tree and get pine tar on your hands? You can't get away from it very easily.

He does bring a new appreciation to the Doubting Thomas figurine (or would a Chihuahua at yer heels be more apropos?). silly
0 Votes
+ -
RE: It's a hard call
Rabid Howler Monkey 31st Dec
@klumper If you take note of my posts on this article, I have been quite even-handed with Microsoft on this matter. I've not held them to a higher standard with .NET than Apache Tomcat, PHP, Python, etc.

My gripe is that Ed wrote this .NET update article immediately following this one on Android updates:

http://www.zdnet.com/blog/bott/why-android-updates-are-a-mess-its-the-business-model/4300

IMO, Android deserves a lot of the bad press it has received regarding updates and upgrades. But, this particular post by Ed of Microsoft's out-of-band .NET update was self-serving given the history of the vulnerability (read the vulnerability was quashed in 2003 for Perl). Here's the alert for the .NET update from the ZDNet front page:

"Alert: Microsoft releases out-of-band security update to plug .NET hole"

We now know that a number of applications had to be updated very quickly to patch the hash collision vulnerability, including PHP. And PHP is used in conjunction with Microsoft IIS by a number of web developers as evidenced by this tutorial on iis.net, a Microsoft site:

http://learn.iis.net/page.aspx/246/using-fastcgi-to-host-php-applications-on-iis/

The ZDNet alert is silent on the PHP update. For Windows, which is Ed's beat!
0 Votes
+ -
Maybe EB will respond to that
klumper Updated - 31st Dec
@Rabid Howler Monkey
If you take note of my posts on this article, I have been quite even-handed with Microsoft on this matter.

Even-handed for sure, and I for one appreciate your takes and observations. What I was adding, almost by way of epilogue, is that it's hard to determine the full scoop of a story when you know you don't possess all the minute details.

Doesn't keep us from trying of course, but many stories, events, issues happen to be polyphasic. And/or situational. And/or circumstantial. Life can be a bi~tch.

As for the Android updates mess EB, JK and others have been hashing out, tbt I only marginally follow smartphone/tablet/small form news since it's already a challenge just to stay on top of the full sized computing ecosphere in all its expansive and scattered and ass-biting hues.

One thing I know we agree on: MS, though far from saintly, is not the devil incarnate either (even if they somehow keep us wondering). wink

Hey Happy New Year to you!
0 Votes
+ -
RE: Maybe EB will respond to that
Rabid Howler Monkey 31st Dec
@klumper Good analysis. I agree wholeheartedly.

A happy new year to you as well.
@wackoae

The Apple zealots around here are always justifying, excusing and condoning Apple's lax attitude towards security by pointing out that there's a big difference between a 'vulnerability' and 'an exploit', and MS managed to patch this before there was an exploit in the wild.
0 Votes
+ -
8 years??!!
ScorpioBlue 30th Dec
@msalzberg Kind of hard to acknowledge good work when the work is 8 years late and the problem was passed along to newer products.

And we're supposed to congratulate them for this? LOL...

EPIC FAIL!
@ScorpioBlue The vulnerability's been there since 2003 and they couldn't wait until Patch Tuesday to push out the release???
0 Votes
+ -
Well done MS
Johnny Vegas 29th Dec
Patched in impressive response time.
0 Votes
+ -
Yeah, 8 years
ScorpioBlue 30th Dec
Impressive time.
Being the weakest link in the chain (me WinTard a human being) I must say reality is radically different from the FUD spewed out by naysayers with hidden agendas, and IMHO, Microsoft provides excellent and timely security, which is what I consider being responsible towards their customers and what I think quality == reliability is.

And thanks to Ed Bott for staying on top of such issues. I had no idea this was needed, yet after reading this article, I'm updating all my systems (at home) on the spot.

~~~~~~~~~~
Gratitude is not only the greatest of virtues, but the parent of all others.
~ Cicero, 106 BC-43 BC

It's a sign of mediocrity when you demonstrate gratitude with moderation.
~ Roberto Benigni, 1952-present

You know, feeling a lot of gratitude actually makes things taste better???
~ Bridgett Walther
Now let's wait and see how long others take to patch one of these vulnerabilities, which affects not just .Net but also Tomcat, V8 among others.

the "Collisions in HashTable May Cause DoS Vulnerability"..
0 Votes
+ -
The "others", including GlassFish, Jetty, JRuby, PHP, Plone, Rack, Ruby, Tomcat, have all announced vulnerabilities. JRuby, Ruby and Tomcat have been updated. PHP is fixed in the SVN repo. Rack is fixed in the GIT repo. More here:

http://secunia.com/advisories/historic/

Perl was fixed in 2003 when this vulnerability was first discovered.
0 Votes
+ -
For example, if one has .Net installed on their PC and uses Firefox, Safari or Opera in lieu of IE, does a problem exist for an ordinary user? And does Microsoft's .NET Framework Assistant plug-in for Firefox, if enabled, provide a pathway for this vulnerability to be exploited?
@Rabid Howler Monkey - IIS is on a web server, a browser is on a local machine, .NET framework is part of windows. It is hard to understand your question.
0 Votes
+ -
@ForeverSPb Microsoft's .NET is a part of Windows for Vista and 7. It is optional on Windows XP and there are still a great many users running Windows XP SP3.

A mitigating factor common to each of the four .NET vulnerabilities is, from the MS11-100 link in the article, "By default, IIS is not enabled on any Windows operating system", "By default, IIS is not installed" or "By default, IIS is not installed on any affected operating system version. Only customers who manually install this are likely to be vulnerable to this issue." and for three of the four vulnerabilities, "By default, ASP.NET is not installed when .NET is installed. Only customers who manually install and enable ASP.NET are likely to be vulnerable to this issue."

While it is clear that this is an issue for servers (e.g., Tomcat, Jetty and GlassFish included) and for frameworks/languages used on servers (e.g., .NET, Python, PHP, Ruby - Perl was fixed in 2003), it is not clear that this is an issue for clients with .NET installed on their systems. Microsoft is recommending that .NET be updated on clients as well. Are there mitigating factors for clients?
0 Votes
+ -
Good job Microsoft and props to the team that sacrificed their Christmas to deliver the fix - I for one am definitely appreciative.
0 Votes
+ -
24/7 profession
Martmarty 31st Dec
@Pete "athynz" Athens

Won't be appreciated by those who work in industries where holidays are moved to other dates. Those in medical/hospitals, aviation/airports, security and other fields have spent most of their Christmas and New Year at work. I for one, have already spent 3 Christmas and 3 New Years at work.
"one delivered on a Thursday, several weeks ahead of the next regularly scheduled Patch Tuesday release"

Could someone please explain to me the idea behind "Patch Tuesdays"? Shouldn't any security update, even if not critical, be released as soon as it's ready to lessen the chance that an exploit appears? The same with bug fixes?
0 Votes
+ -
Contributor
The reason
Ed Bott 30th Dec
@jgm@...

Actual zero-days are very, very rare. The benefit of having security fixes delivered on a predictable monthly cycle is that testing and deployment in enterprise environments can be planned for as a regular task. That makes it more likely that the fixes will be deployed in a timely fashion.

Over time the monthly update on a known date has proven to be a good balance of conflicting demands.
@Ed Bott

"Actual zero-days are very, very rare."

Reported zero-days are very, very rare.

Fixed.
0 Votes
+ -
Contributor
Not true
Ed Bott 31st Dec
@CobraA1

Actual, in-the-wild zero-days are very rare. That's a fact. When one does appear, it makes headlines.

Btw, there is no sign that this vulnerability is being actively exploited.
0 Votes
+ -
.NET updates broke my system tray
PreachJohn Updated - 30th Dec
For a couple of days I noticed the yellow update icon appearing and disappearing. Twigged me to check into Microsoft Update. I installed the 4 High Priority .NET updates there. Successful! Not like my XPMCE install that has so many serious problems with updates and installs that my Home or Pro don't have.
After these were installed, the Update Icon appeared offering the same updates I just installed. This is one of a number of malfunctions of Microsoft Update I've encountered over the years.

But, afterwards the new .NET install 4 icons went missing from my system tray. Checked the Net for fixes. Couldn't find an easy fix. Reloading the programs or configuring the Notification area did nothing. Did a System Restore.
Did these updates break anything else for anyone?
@PreachJohn

That should have been expected, it was a rush job.
Really.....Really slow news day when a patch makes it to the front page of this site.
0 Votes
+ -
@JeveSobs
I'm just happy I didn't have to reboot my Win 7 64Bit computer after the install.
I did anyway just to make sure. You can never trust them with these things.
