Will "the Mighty" Strohl

DotNetNuke Security Update About Oracle Padding Attack

Please take 10 minutes today to read a blog post by Cathal Connolly, the DotNetNuke Security Team lead.  He gives DotNetNuke specific advice and the exact steps you need to take to protect your DNN websites (and any other public ASP.Net site), while we wait for Microsoft to release an official update for you to apply to your servers. 

ASP.NET Security Vulnerability workaround for DotNetNuke sites

Please note in Cathal’s blog that you will likely see separate updates for the DotNetNuke framework to further guard you against attacks such as these in the near future.

It’s also worth stating again, that this is not a security vulnerability in DotNetNuke.  All ASP.Net websites are at risk of being attacked.  It doesn’t matter if you’re using DNN, SharePoint, MVC, or a custom application.  PROTECT yourself. 

Unfortunately, since this is such a hot-topic-issue I would suggest shrugging off your weekend to protect all of your public ASP.Net websites NOW.

blog comments powered by Disqus