The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Microsoft issues emergency patch for Windows Web bug


Administrator / Manager

Status: Offline
Posts: 2499
Date:
Microsoft issues emergency patch for Windows Web bug
Permalink   


As promised, Microsoft today delivered an emergency patch for a Windows Web server flaw that is being actively exploited by hackers.

The fix addresses a vulnerability in ASP.Net's encryption that attackers could abuse to access Web applications with full administrator rights; decrypt session cookies or other encrypted data on a remote server; and access and snatch files from sites or Web applications.

ASP.Net is the Microsoft-designed Web application framework used to craft millions of sites and applications.

Microsoft first sounded the alert Sept. 17 after a pair of researchers demonstrated how attackers could pilfer browser session cookies, or steal passwords and usernames from Web sites.

Three days later, Microsoft warned users that it was seeing limited, active attacks, and urged Web server administrators to apply the workarounds spelled out in an updated advisory.

Today's MS10-070 update patches ASP.Net in all supported versions of Windows, ranging from Windows XP Service Pack 3 (SP3) and Windows Server 2003 to Windows 7 and Windows Server 2008 R2.

Microsoft pegged the single bug addressed Tuesday as "important," the second-highest ranking in its four-step system. "Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers, as we have seen limited attacks and continued attempts to bypass current defenses and workarounds," the company said yesterday.

But not everyone will receive the patch today.

Computerworld has the details HERE!



__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard