Microsoft on Tuesday will release an emergency out-of-band patch for the ASP.NET padding oracle attack that was disclosed earlier this month. The patch will only be available on the company’s Download Center for the time being, however. The company is taking the step of releasing an emergency fix for the bug because of the seriousness of the vulnerability–which potentially affects millions of Web applications–and the fact that there are attacks ongoing against it already. The patch will fix the flaw in all versions of the .NET framework.

“Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds,” Microsoft security official Dave Forstrom said in a blog post on the emergency patch.