How to prevent access to the Telerik Dialog Handler in IIS

arpan das 1 Reputation point

a cryptographic weakness (CVE-2017-9248) has been identified in Telerik.Web.UI.dll that can be exploited to the disclosure of encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey).

Instead of doing a version upgrade I want to restrict the Telerik DialogHandler via IIS handler mapping or with appcmd set config.

Can it be done ? If yes please let me know the process.

Thank you in advance.

Internet Information Services
{count} votes