Pretty much every supported version of Windows is impacted**, so read on. This is important.
Yesterday Microsoft released an advisory, and today Microsoft released a security patch outside of its normal release cycle, or “out of band”; meaning: not on the 2nd Tuesday of the month. So you know that this is important. In fact, more than important, it’s listed as “critical”, which is defined as “A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.” So yeah.. you need to do something with this ASAP. Today’s update involves and removes a couple of recently discovered vulnerabilities in ASP.NET. Among other things, this is related to the advisory that we released yesterday: http://technet.microsoft.com/en-us/security/advisory/2659883
The pre-release post can be found HERE. I’m writing this blog post before the official release time and scheduling the post to go live at the very same time as the release, so follow that link to updated information as it becomes available. And take advantage of the recommendations for deploying this update as soon as possible.
I will update this post with the most current information when it is made available.
UPDATE: The pre-release link above is also the link to the current information. http://technet.microsoft.com/en-us/security/bulletin/ms11-dec
If you’re interested in getting all the details LIVE, you can Register now for the December 29, 1-00 PM Security Bulletin Webcast. (PST)
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
**The only current Windows installation not impacted by this release is any Windows Server 2008 Core installation. However, Server 2008 R2 Core is impacted.