|21 Sep 2010||#1|
| || |
Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability
Microsoft warns that active attacks are exploiting a recently disclosed vulnerability in all versions of .NET Framework, which affects the majority of ASP.NET applications.
"We've just updated Microsoft Security Advisory 2416728 as we've begun to see limited attacks with the ASP.NET vulnerability.
"We have added questions and answers and encourage customers to review this information and evaluate it for their environment," the Redmond giant announced via its Microsoft Security Response Center (MSRC) blog.
The vulnerability and attack methods, known as "oracle padding," have been demonstrated last Friday at the ekoparty Security Conference in Argentina by security researchers Juliano Rizzo and Thai Duong.
Microsoft has provided an workaround via its security advisory, which involves configuring ASP.NET applications to serve the same custom page for all types of errors.
Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability - Softpedia
|My System Specs|
|Similar help and support threads for2: Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability|
|MSFT Confirms'Targeted attacks' against old unpatched IE vulnerability||Browsers & Mail|
|Microsoft Confirms Critical IE Bug, Works on Fix||Security News|
|Microsoft Confirms x64 Windows 7 Aero Vulnerability||News|
|Microsoft confirms 0-Day IIS security vulnerability||System Security|
|Microsoft reports attacks using IIS vulnerability||News|
|Microsoft Confirms Attacks Targeting Critical 0-Day Office Excel Vulnerability||Microsoft Office|
|Free Microsoft Security Tool Kills Worm Targeting Critical Windows Flaw||System Security|