Dedicated Server Critical Maintenance

[GatorSundeepSe]

Hello,

A new Windows vulnerability was discovered in .NET Framework which could allow elevation of privilege thus compromising a Windows 2008 R1 or Windows 2008 R2 and Windows Server 2003.

To resolve this issue we will need to apply the patch and reboot all the Windows Server 2008 R1 and R2 servers at 3:00 AM January 18th 2012.

For Windows Server 2003 customers we will be sending them notification e-mails regarding this issue.

This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.

This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows.

The security update addresses the vulnerabilities by correcting how the .NET Framework handles specially crafted requests, and how the ASP.NET Framework authenticates users and handles cached content.

For more information please see the following Link

Regards,

Sundeep S
Windows Shift Lead

[GatorSundeepSe]

Due to some technical issues during our scheduled update time, the updates were not pushed through. We will be doing the updates to the servers and rebooting them on January 18th @ 12:45 PM CST

Thank you,

Sundeep S
Windows Shift Lead