Microsoft to fix ASP.net bug

By : |September 27, 2010 0

BANGALORE, INDIA: Microsoft will on Tuesday fix for a Windows Web server flaw that is starting to be exploited by online attackers.

The patch fixes a bug in the Windows ASP.net technology used in Microsoft’s servers. Microsoft says it’s seen "limited" exploitation of the flaw in online attacks, but the problem is serious enough that the company has decided to rush out a fix ahead of its next regular patch update, scheduled for Oct. 12.

ASP.net is used to build Web applications, and the bug gives attackers a way to gain access to protected files or read encrypted data sent by an ASP.net application server. Earlier this month, researchers demonstrated how the attack could be used to steal encrypted session cookies or possibly even user names and passwords from websites.

Also read: McAfee advices on new Window’s bug

Microsoft occasionally does this type of out-of-band update when it spots a serious security problem, but this release is different. For the first time, Microsoft will initially release the patch only at the Microsoft Download Center — typically used by users at large organizations who want to test the patches before manually installing them company wide.

(SOURCE: IDG News Service)

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.