Windows Update for ASP.NET Vulnerability 2416728: Sitecore implications *Update*

As you could have been reading in my previous post, Sitecore’s major product Sitecore .NET Web Content Management System is affected by the ASP.NET Vulnerability 2416728. Today, Microsoft has released an update to all the Windows Update Services(WSUS and WU). You can find all the details in Scott Guthrie’s post.

What could potentially happen to your Sitecore installation when applying this patch?

  1. A couple of users get logged out. That’s only really notable for the user who use the check box ‘Remember me’. Just login again. That’s the deal. According to my checks on 6.2, this does not happen.
  2. Potentially you could get an exception for people who have a open session while updating Sitecore. According to my checks, this doesn’t happen.

So it seems that you can install this patch without any unexpected side effect. I’ve checked it on my machines and tested it there(so this is an unofficial Sitecore  statement). If we come across issue, we will let you know. If you come across issues, please let our support team know.

Update: Sometimes an ‘HttpException: Unable to validate data’ happens when people are already authenticated. I couldn’t reproduce this. But it seems to be there. In that case, please review this solution on SDN.

ASP.NET Vulnerability 2416728 and Sitecore

Sitecore’s major product Sitecore ASP.NET Web CMS is affected by the ASP.NET Vulnerability 2416728. Scott Guthrie describes all the nifty details about this threat in this post. Our Support-team has been working intensively with our Product team to get a well tested solution out. It’s available now. 

For more information, please review this article on SDN.