Information regarding the recent ASP.NET Security Vulnerability
Microsoft recently released a Security Advisory in regards to a vulnerability in ASP.NET.
We take security seriously here at Dovetail Software and wanted to let you know how this affects your Dovetail Software products.
Scott Guthrie, Corporate VP at Microsoft in charge of ASP.NET, has posted information regarding this issue, and some Frequently Asked Questions about it. He has recommended that customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications.
Dovetail Applications Affected:
- Dovetail Mobile Agent
- Dovetail Seeker
This can also affect any custom ASP.NET applications that you’ve created, including those that use the Dovetail SDK.
We are working on updated releases to these products and will notify our customers via our normal product release update channels when these releases are available.
We are also emailing all of our customers who may be affected to be sure they are aware of this vulnerability.
Microsoft has provided a workaround that is relatively easy to implement. In general, the workaround is:
- Create or modify the <customErrors> section of the web.config
- Add a custom error file to your application that contains an appropriate error page of your choosing
Please refer to the workaround details as posted on Scott Guthrie’s blog for exact instructions.
Additional Information from Microsoft
Is Microsoft going to release an update to fix the vulnerability?
Yes. Microsoft is working on an update to ASP.NET that we will release via Windows Update once it has been thoroughly tested and is ready for broad distribution.