I had recently blogged about ASP.NET Security Vulnerability. There was an announcement by Scott Guthrie about a security update released by Microsoft to fix the ASP.NET Security Vulnerability
Download the Update here and install it on your servers.
Here’s a summary of the security bulletin - ”This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability. The security update addresses the vulnerability by additionally signing all data that is encrypted by ASP.NET”
Tweet
No comments:
Post a Comment