Categories

« Solving Common Scribe Issues | Main | Copying Dynamics CRM form values to the clipboard with jscript »

September 28, 2010

Security Update Now Available to protect MSCRM Servers

We recommend installing this update as soon as possible on your web-servers.  - While all CRM Servers need this patch, CRM deployments that have enabled the IFD (Internet Facing Deployment) option are especially important to keep secure.

Where do I find these hotfixes?

Links to the ASP.Net Security Updates are available here - or from Microsoft Downloads

I ran Windows Update – is that enough?

Not yet, these patches are new enough that they are not yet in the download channels for Windows Update.

Is the previously blogged CRM Update/Hotfix still needed?

No.

How does this change functionality within CRM?

It doesn’t in any meaningful way for users. – The only change would be the removal of some encrypted data previously included in error messages. 

-----------------------------------------

Note - The following information from Scott Guthrie is helpful and important to users – especially if they have multiple CRM servers in a web-farm / cluster.

What is the impact of applying the update to a live web-server?

If you apply the update to a live web-server, there will be some period of time when the web-server will be offline (although an OS reboot should not be required). You’ll want to schedule and coordinate your updates appropriately.

Importantly – if your site or application is running across multiple web-servers in a web-farm, you’ll want to make sure the update is applied to all of the machines (and not just some of them). This is because the update changes the encryption/signing behavior of certain features in ASP.NET, and a mix of patched and un-patched servers will cause that encryption/signing behavior to be incompatible between them.  If you are using a web-farm topology, you might want to look at pulling half of the machines out of rotation, update them, and then swap the active and inactive machines (so that the updated machines are in rotation, and the non-updated ones are pulled from rotation and patched next) to avoid these mismatches.

(From Scott Guthrie - http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx )

Posted by on September 28, 2010 at 06:40 PM |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54fb34b6f8833013487ce108f970c

Listed below are links to weblogs that reference Security Update Now Available to protect MSCRM Servers:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Search The Blog

  • Search the Blog

Archives

More...

Recent Comments

Recent Posts

Twitter Updates

    follow me on Twitter