-----BEGIN PGP SIGNED MESSAGE----- Hi All - Wanted to provide some information about the Cross-Site Scripting issue that was reported on 04 February (http://www.securityfocus.com/archive/1/254001). The flaw only existed in beta versions of the .NET Framework, and is not present in the final version of the product, which is available for download from MSDN. We encourage any site administrators who are using beta versions to upgrade to the final version. Microsoft's web site was affected because Microsoft is an early adopter of its own technology. Although we have been upgrading our web site to the released version of .Net Framework, the upgrade was not complete when the information about the vulnerability was made public. We have taken interim steps to prevent the vulnerability from being exploited, and have expedited the upgrade. Regarding the claim that Microsoft was alerted to this vulnerability six months ago, we have checked our archives but can find no record of having received any information on this subject at Secure@microsoft.com. Regards, Microsoft Security Response Center -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQEVAwUBPGIAQI0ZSRQxA/UrAQF+pgf/fH50K7fntwMOtSAeGv4deHLqbFhfJTdF v0Gvpezk5sS3xwe/9R9xEm+o25SQ+aw6KsjEF8WUmQXB/heqyXPpx1w3i05McHiV q0f2jiGbkiOpgw8lBsA6QtkF2tSGmVRLYDJVDIBrMkiM4MCibWzGlWQ1rzmKdnAa 9YGDhyb82jIyaaXqB8Xm9WjJqWEM1doPUyNi3s8oXaAvksnJlt9RkntAsnIBjMMa tQ/bn49f8WDrSC7nbYCXwzN3nuVQUbGvG19uBl+JHhtOsZn0M2BBy6W1+z/nGFWV eTkILXjvsTQDaoLki5UUsKxhC9s6NomQvKXt2vpjxj6LnTFB+wI8cg== =Nfkh -----END PGP SIGNATURE-----
