It was so close. Microsoft makes day 363 2011 without giving up updates outside of MS11-100.
"picture rtsm" says nCircle, explains, "this is not a DoS attack on average You for not taking a botnet or a lot of coordination to take down the web server. Most DoS attacks rely on a large number of small requests targeted at specific web server to master them. In this case, a single request can consume one core for 90 seconds. Queue multiple requests every few minutes and this site will be basically knocked offline.
Dave Forstrom, Director, trustworthy computing, Microsoft announced, “today, Microsoft released MS11-100 to protect customers against industry-wide problem that is described in Security Advisory 2659883.”
Forstrom added that Microsoft is not currently aware of any attack targeting ASP.NET. However, Microsoft considers a credible threat and urgent that it release a patch out-of-band to address them, and Microsoft urges customers to apply the patches as soon as possible.
Wolfgang Kandek, CTO of Qualys, note that Microsoft developed and released the patch it with lightning speed. Apparently there was.NET framework patch already in progress for January Patch Tuesday, Microsoft was able to roll this fix into the work already done and rushed out the door.