J’avais promis de revenir vers vous. Voilà qui est fait. L’alerte de sécurité de Microsoft MS10-70 est relativement sérieuse et affecte la couche asp.net et par conséquent les services Exchange. Le risque est présent et une personne pourrait éventuellement accéder à des fichiers tels que le web.config. Le risque est potentiel sur toutes les versions de ASP.NET. Microsoft recommande donc d’appliquer très rapidement ce correctif sur toutes les plates formes concernées
Plates-formes concernées
|
Operating System |
Component |
Maximum Security Impact |
Aggregate Severity Rating |
Bulletins Replaced by this Update |
|
Windows XP |
|
|
|
|
|
Windows XP Service Pack 3 |
Microsoft .NET Framework 1.1 Service Pack 1 |
Information Disclosure |
Important |
|
|
Windows XP Service Pack 3 |
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows XP Professional x64 Edition Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1 |
Information Disclosure |
Important |
|
|
Windows XP Professional x64 Edition Service Pack 2 |
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Server 2003 |
|
|
|
|
|
Windows Server 2003 Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Server 2003 x64 Edition Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1 |
Information Disclosure |
Important |
|
|
Windows Server 2003 x64 Edition Service Pack 2 |
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Server 2003 with SP2 for Itanium-based Systems |
Microsoft .NET Framework 1.1 Service Pack 1 |
Information Disclosure |
Important |
|
|
Windows Server 2003 with SP2 for Itanium-based Systems |
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Vista |
|
|
|
|
|
Windows Vista Service Pack 1 |
Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Vista Service Pack 1 |
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 Microsoft .NET Framework 2.0 Service Pack 2 |
Information Disclosure |
Important |
|
|
Windows Vista Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Vista x64 Edition Service Pack 1 |
Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Vista x64 Edition Service Pack 1 |
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 Microsoft .NET Framework 2.0 Service Pack 2 |
Information Disclosure |
Important |
|
|
Windows Vista x64 Edition Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Server 2008 |
|
|
|
|
|
Windows Server 2008 for 32-bit Systems |
Microsoft .NET Framework 1.1 Service Pack 1** Microsoft .NET Framework 3.5 Service Pack 1** Microsoft .NET Framework 4.0** |
Information Disclosure |
Important |
None |
|
Windows Server 2008 for 32-bit Systems |
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5** Microsoft .NET Framework 2.0 Service Pack 2** |
Information Disclosure |
Important |
|
|
Windows Server 2008 for 32-bit Systems Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1** Microsoft .NET Framework 2.0 Service Pack 2** Microsoft .NET Framework 3.5** Microsoft .NET Framework 3.5 Service Pack 1** Microsoft .NET Framework 4.0** |
Information Disclosure |
Important |
None |
|
Windows Server 2008 for x64-based Systems |
Microsoft .NET Framework 1.1 Service Pack 1** Microsoft .NET Framework 3.5 Service Pack 1** Microsoft .NET Framework 4.0** |
Information Disclosure |
Important |
None |
|
Windows Server 2008 for x64-based Systems |
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5** Microsoft .NET Framework 2.0 Service Pack 2** |
Information Disclosure |
Important |
|
|
Windows Server 2008 for x64-based Systems Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1** Microsoft .NET Framework 2.0 Service Pack 2** Microsoft .NET Framework 3.5** Microsoft .NET Framework 3.5 Service Pack 1** Microsoft .NET Framework 4.0** |
Information Disclosure |
Important |
None |
|
Windows Server 2008 for Itanium-based Systems |
Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Server 2008 for Itanium-based Systems |
Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5 Microsoft .NET Framework 2.0 Service Pack 2 |
Information Disclosure |
Important |
|
|
Windows Server 2008 for Itanium-based Systems Service Pack 2 |
Microsoft .NET Framework 1.1 Service Pack 1 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Service Pack 1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows 7 |
|
|
|
|
|
Windows 7 for 32-bit Systems |
Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows 7 for x64-based Systems |
Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
|
Windows Server 2008 R2 |
|
|
|
|
|
Windows Server 2008 R2 for x64-based Systems |
Microsoft .NET Framework 3.5.1* Microsoft .NET Framework 4.0* |
Information Disclosure |
Important |
None |
|
Windows Server 2008 R2 for Itanium-based Systems |
Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 |
Information Disclosure |
Important |
None |
Important : ce dernier va demander un reboot des serveurs Exchange
Plus d’informations en anglais sont disponibles à l’adresse suivante : http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Cordialement
Laurent Teruin
Travailler ensemble 
1 commentaire