Making the ValidatePath HTTP Module easier to deploy
We have been working very hard to make it as easy as possible for customers to respond to the reported ASP.NET security issue. The first steps were to quickly provide guidance for Web site administrators and developers to help protect their apps. Since then, we have been trying to make it even easier to manage deploying the HTTP Module in large multi-server environments.
To that end, we updated http://www.microsoft.com/security/incident/aspnet.mspx with additional guidance.
In this update we have included several new pieces which will help improve the deployment experience:
A new scanning tool that Web site administrators can use to determine if a machine has the HTTP Module installed -- it will also help determine if a box has ASP.NET running so administrators can determine if the module is necessary on a given box. The script makes it easy to automate this process.
Guidance on how to use Group Policy to deploy the HTTP Module in multi server environments.
- KB 887405, "How to Use Windows Installer and Group Policy to Deploy the VPModule.msi in an Active Directory Domain"
Guidance on how to use SMS to deploy the HTTP Module in multi-server environments
Updated the HTTP Module guidance to include source code for the HTTP Module.
Please continue to look to the security incident page for more information as it becomes available and let me know if you have any questions.