Patch rushed to cover ASP.net flaw

Microsoft has issued an out-of-band security update, blocking ongoing attacks against a flaw in the ASP.NET web application framework that can cause poor encryp...

Microsoft has issued an emergency update that blocks attacks against a flaw in the ASP.NET web application framework. According to SearchSecurity.com, the flaw can cause poor encryption implementation. That leaves an opening for something called a padding oracle attack. The attack tricks the Web server behind an application into giving up sensitive information in error messages. The ASP.net flaw also lets hackers decrypt data that is supposed to stay buttoned up on the web server. Microsoft rates the patch as important. It covers the dot-net framework running on Windows Server 2003 and 2008.

This story is part of Federal News Radio’s daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.