Windows 7: Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability

JMH · 21 Sep 2010

Quote:

Microsoft warns that active attacks are exploiting a recently disclosed vulnerability in all versions of .NET Framework, which affects the majority of ASP.NET applications.

"We've just updated Microsoft Security Advisory 2416728 as we've begun to see limited attacks with the ASP.NET vulnerability.

"We have added questions and answers and encourage customers to review this information and evaluate it for their environment," the Redmond giant announced via its Microsoft Security Response Center (MSRC) blog.

The vulnerability and attack methods, known as "oracle padding," have been demonstrated last Friday at the ekoparty Security Conference in Argentina by security researchers Juliano Rizzo and Thai Duong.

Microsoft has provided an workaround via its security advisory, which involves configuring ASP.NET applications to serve the same custom page for all types of errors.

More -
Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability - Softpedia

Layback Bear · 23 Sep 2010

Thank you for the heads up JMH. For me waiting for the security KB always works better for me.

Windows 7: Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability

Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability problems?