Hackers Exploit ASP.Net Bug

Written on September 26, 2010 by Adam Eve

Following a research demo of how a "padding oracle" bug can be exploited by force-feeding ciphertext to an ASP.Net application, Microsoft has some patching to do on its web application framework.

A warning from has it that hackers are exploiting the unpatched bug in . Symantec, however, said that it has not seen any attacks yet. All versions of are vulnerable to this attack, letting the culprits access Web applications with full administrator rights. The company promised a patch for the zero-day bug, but no delivery date was set.

In the meantime, Scott Guthrie, a Microsoft exec for the ASP.Net Development Team, urges website and application developers to cork the hole with a temporary workaround that involves editing the “web.config” file. In response to this, Microsoft’s team has already published a different web.config editing procedure for its high-profile and highly profitable collaboration software.

The Microsoft Security Response Center also took a shot at researchers who disclose bugs publicly before a patch has been made:

“We fundamentally believe, and history has shown, that once vulnerability details are released publicly, the probability of exploitation rises significantly. Without coordination in place to provide a security update or proper guidance, risk to customers is greatly amplified.”
