Update on the ASP.NET Vulnerability

A security update has been released which addresses the ASP.NET vulnerability we blogged about previously.  This update is included in Guest OS 1.7, which is currently being rolled out to all Windows Azure data centers globally.  Some customers will begin seeing Guest OS 1.7 as early as today, and broad rollout will complete within the next two weeks.

If you’ve configured your Windows Azure application to receive automatic OS upgrades, no action is required to receive the update.  If you don’t use automatic OS upgrades, we recommend manually upgrading to Guest OS 1.7 as soon as it’s available for your application.  For more information about configuring OS upgrades, see “Configuring Settings for the Windows Azure Guest OS.”

Until your application has the update, remember to review Scott Guthrie’s blog post to determine if your application is vulnerable and to learn how to apply the a workaround for additional protection.