ASP.NET hotfix released…

Here is some good links. 


http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx


http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx


Public Bulletin Webcast

  

Microsoft will host a webcast to address customer questions on this bulletin:

Title: Information about Microsoft’s September 2010 (OOB) Security Bulletin Release (Level 200)

Date: Tuesday, September 28, 2010, 1:00 P.M. Pacific Time (U.S. and Canada)


  

Good information on the webcast.

  

Steve

ASP.NET security exploit information

Here is a link with information regarding the exploit.


http://www.microsoft.com/technet/security/advisory/2416728.mspx


http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx


http://blogs.iis.net/nazim/archive/2010/09/18/asp-net-zero-day-vulnerability-padding-oracle-exploit.aspx


http://stevesmithblog.com/blog/asp-net-custom-errors-security-flaw/


//You Tube video, you should check out!
http://tinyurl.com/2b7rnae


http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/


http://www.gdssecurity.com/l/b/2010/09/14/automated-padding-oracle-attacks-with-padbuster/


http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx


//Sharepoint
http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx


//Custom Errors including new attribute in .NET 3.5 sp1
http://msdn.microsoft.com/en-us/library/h0hfz6fc(VS.90).aspx


//Search engine friendly custom error handling in .NET 3.5 sp1
http://blog.turlov.com/2009/01/search-engine-friendly-error-handling.html


Steve Schofield
Microsoft MVP – IIS

AD Gateway web service information


I’ve been looking at AD Gateway service which was introduced for Windows Server 2003 / 2008.  The AD Web service was integrated for Windows Server 2008 R2.  This web service interface allows administrators to use powershell to manage Active Directory.  I’m trying to determine if this is a benefit when having multiple AD forests. If you are running Windows 7, Windows Server 2008 R2, you can install the RSAT or Remote Administration tools feature in server manager.  Here is a couple unknowns I’ve not been able to prove yet is. 




  • Cross forest administration with powershell AD modules?


  • Can’t install w2k8 R2 powershell modules on w2k8 to connect to a w2k8 DC running AD Gateway service? My initial findings you need a w2k8 r2 member server or win 7 client in the domain.

//Overview of AD Gateway service
http://technet.microsoft.com/en-us/library/dd391908(WS.10).aspx


//Download AD Gateway service w2k3, w2k8
http://www.microsoft.com/downloads/details.aspx?displaylan


//Blog of AD Web service
http://www.shariqsheikh.com/blog/index.php/200907/what-is-active-directory-management-gateway-service-admgs/


//Remote Administration tools for Win 7
http://technet.microsoft.com/en-us/library/ee449475(WS.10).aspx


//Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008)
https://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=008940c6-0296-4597-be3e-1d24c1cf0dda


//Active Directory Web Services (ADWS) and Active Directory Management Gateway Service (ADMGS)
http://trycatch.be/blogs/roggenk/archive/2010/01/14/active-directory-web-services-adws-and-active-directory-management-gateway-service-admgs.aspx


//Good examples of using powershell and AD interface
http://codygros.wordpress.com/


How to Install the Active Directory Module for Windows PowerShell
http://www.mikepfeiffer.net/2010/01/how-to-install-the-active-directory-module-for-windows-powershell/


Introducing the Active Directory Module for Windows PowerShell
http://www.networkworld.com/community/node/42157


I’ll keep tinkering with this but it looks cool!