There comes a time in every operating system’s life when it needs to have an emergency patch slapped over a security hold in its guts, and for Windows, that time is today – and it’s an emergency. What you’re going to see here is a bulletin by the name of MS11-100 that acts as a sort of public service announcement as Microsoft wants you to update your system several weeks before the regularly scheduled “Patch Tuesday” in mid-January. What this patch does is to cut off access to a security hole that’d allow hackers to launch a DoS attack against people with Microsoft’s ASP .NET application framework in place.
What you’ll have to do is head over to here: [Security Bulletin List] and see if your software is amongst those affected. If you never access the internet, you’ve probably got nothing to worry about – but since you’re here now, probably you should check. This attack works through a certain type of HTTP request that consumes 100% of the processes of one CPU core. Several requests of course could cut a server down to it’s knees in no time. Microsoft has the following to say:
“Attacks targeting this type of vulnerability are generically known as hash collision attacks,” the company said, adding that the hole is not specific to Microsoft’s Web services as it affects PHP 5, Java, .NET, v8 and to some extent PHP 4, Ruby and Python. The folks behind those platforms are expected to issue similar updates in the near future, but the holidays will undoubtedly delay that process.” – Microsoft
Again this is an attack you likely wont feel hitting you if you’re an average citizen, but better safe than sorry. This update to security is currently rated Critical for the following systems: Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows. Don’t freak out, but don’t hesitate to update.