[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.] Out of band update today - THE OFFICIAL BLOG OF THE SBS DIVA
Thu, Dec 29 2011 23:55 bradley

Out of band update today

So tonight on your wsus MS11-100 sync'd up.  An out of band .net update.

http://blogs.technet.com/b/msrc/archive/2011/12/29/microsoft-releases-ms11-100-for-security-advisory-2659883.aspx

On workstations I see no need to rush here.  In fact I see low risk if you decide to pass on this update.

On servers, unless it's a public facing web server, I'm not seeing a huge rush either. 

For anyone running high targeted cloud servers, you not only need to be concerned about .net but ruby, java and apache patching as well as this is a hash table denial of service for lots of web servers.

But for us normal folks.... this is not an out of band that I would be freaking out over.

# re: Out of band update today

Friday, December 30, 2011 11:50 AM by Niklas

Thank you for the information. Is this patch needed for a website with static html pages running on WS2008 R2?

# re: Out of band update today

Friday, December 30, 2011 5:53 PM by bradley

blogs.technet.com/.../december-2011-out-of-band-security-bulletin-webcast-q-amp-a.aspx

*Q: If the main target is Internet facing systems with IIS & ASP.NET installed, should I concentrate on patching my webservers first before patching client systems?**

A:* Prioritization for this update would be specific to users’ environments, but servers that are internet-facing and accept input from unauthenticated or untrusted user-provided content are most affected and should be prioritized. Likewise, clients are typically not in a web server role, and so systems that are running a web server role should be prioritized.

Do you use asp.net and forms based authentication?

# re: Out of band update today

Saturday, December 31, 2011 5:29 AM by Niklas

Thanks Susan for the answer. We don't use asp.net and forms based authentication.

# re: Out of band update today

Wednesday, January 04, 2012 3:48 PM by Paul Clayton Smith

After installing the patches for this on Windows Server 2008, the Perfmon counters for Asp.NET Applications -> Requests/Sec and Request Execution Time have stopped functioning.