Return to doc.sitecore.com

Microsoft ASP.NET Security Vulnerability 2416728

UPDATE (Oct. 6, 2010):

Microsoft has published a set of updates for ASP.NET which removes the ASP.NET security vulnerability described in KB2416728. These updates are available from Windows Update or the Microsoft Download Center. Sitecore strongly recommends that you install the relevant Microsoft Updates on all the environments where you host Sitecore solutions.  

Sitecore has published a known issue that describes a workaround that you must apply after you install the Microsoft Update if you are running Sitecore CMS 6.0, 6.1, 6.2 Update-4 or earlier 6.2 versions, 6.3 Update-2 or earlier 6.3 versions, 6.4 Initial Release. If this workaround is not applied, Sitecore might throw an unhandled exception when an editor or website visitor uses a browser that has stored an old authentication cookie to accesses the website or the Sitecore clients. If you are running or upgrading to Sitecore CMS 6.2 Update-5, 6.3 Update-3, 6.4 Update-1 or later versions, you do not need to apply the workaround.

If you applied the original Sitecore workarounds that are listed in the following Sitecore Workarounds section, you should roll back the changes by undoing each step mentioned in the workaround documents. These workarounds are no longer needed after you have installed the Microsoft Update.  

Sitecore Workarounds

IMPORTANT: Sitecore no longer recommends that you apply these workarounds. This information is only relevant for customers who have already applied the Sitecore workarounds and who must roll back these changes in their solutions.

Sitecore CMS 6                                 Last Updated: 2010-09-27

Sitecore CMS 5.3                              Last Updated: 2010-09-27