Normally I’d say, “Take your time and don’t hurry with .NET updates.”

This one is the exception. You have to figure it’s important if MS engineers sacrifice their Christmas to put an out-of-band security update out there. Out-of-band updates involve typically address very high risk vulnerabilities to risks prevalent on the net.

This update is rated “Critical” for a DoS vulnerability.

“Yesterday evening, we published an Advanced Notification alerting customers to a new out-of-band security update planned to be released today. The notification listed the update as addressing a Critical Elevation-of-Privilege vulnerability, leading to several questions from customers who expected the bulletin addressing a Denial-of-Service vulnerability to be rated Important.

Before hearing about this vulnerability, we had planned to release a .NET security update addressing three vulnerabilities, one of which was a Critical elevation-of-privilege vulnerability. When this vulnerability notification arrived a few weeks ago, the ASP.NET team included the fix into the update already being developed and tested. So the bulletin today addresses four vulnerabilities, one of which is the ASP.NET Denial-of-Service vulnerability presented yesterday. You can read more about the other vulnerabilities in the Security Bulletin and we also invite you to join us for a webcast at 1:00 p.m. PST today (Dec 29) where we will describe the vulnerabilities and answer your questions live “on the air.” You can sign up for the webcast here.” – MS (http://blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx)

This Update affects vulnerabilities on every supported MS OS back to XPSP3.

So don’t shrug your shoulders and “meh” this one. It requires a reboot… well, at least mine did.

Source:

http://blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx

http://www.zdnet.com/blog/bott/microsoft-releases-out-of-band-security-update-to-plug-net-hole/4305?tag=content;feature-roto