Thycotic Community Forum

9/20/2010 9:15:35 AM Tucker Posts: 87	Asp.Net Vulnerability - Security Patch A vulnerability in Microsoft ASP.Net framework is a immediate security concern for Secret Server customers. The vulnerability allows hackers to access the file system as well as potentially retrieve encrypted ViewState data. For more details on this vulnerability see the following Microsoft Security Advisory: <a href="http://www.microsoft.com/technet/security/advisory/2416728.mspx">http://www.microsoft.com/technet/security/advisory/2416728.mspx</a> Secret Server Patch A Secret Server patch is available with more information in this Knowledge Base article: <a href="http://support.thycotic.com/KB/a106/aspnet-vulnerability-security-patch-9202010.aspx?KBSearchID=6051">http://support.thycotic.com/KB/a106/aspnet-vulnerability-security-patch-9202010.aspx?KBSearchID=6051</a> Note: Secret Server Online has already been patched. -- Regards, Tucker
	0 • link
9/20/2010 12:34:22 PM Tucker Posts: 87	The Security patch has been incorporated into the 7.1.000001 Release that is now live. If you update you will not need to apply the patch manually. -- Regards, Tucker
	0 • link
9/22/2010 10:56:53 AM Adam D Posts: 16	Is there a mailing list for these type of critical updates? I did nto receive anything.
	0 • link
9/23/2010 6:20:30 AM Scott Posts: 45	Adam, At present, there is not, but we are working towards implementing something like that soon. There should be a forum post announcing this feature in the not-too-distant future. Scott Thycotic Software
	0 • link

---