Microsoft has issued an emergency patch to address a vulnerability in the ASP.NET framework. ASP.NET is used by developers to build Web applications and XML Web services.
The fix was pushed out after reports of attacks began to surface. The bug was demonstrated earlier this month by researchers at the Ekoparty Security Conference in Buenos Aires, Argentina.
“MS10-070 updates the widely installed .NET Framework for all supported Windows platforms, from XP SP3 to Windows 7,” noted Wolfgang Kandek, CTO of Qualys. “This makes this update applicable to many machines, desktops and servers alike. However, the current known attack is applicable only to machines that run a Web server with ASP.NET installed, so IT administrators should prioritise these machines. Desktops and servers that do not run a Web server can be updated at a later date, when convenient.”
The impact of the attack is dependent on the Web application running on the server, he added. In a worst-case scenario, attackers could gain complete control of the server.
“The exact impact will have to be determined by the server and application engineers, we recommend patching this vulnerability on all Windows machines that run ASP.NET applications,” he said.
Microsoft warned that it had seen limited attacks targeting the vulnerability. While desktop systems are listed as affected, consumers are not vulnerable unless they are running a Web server from their computer, blogged David Forstrom, director of Trustworthy Computing at Microsoft.
“The update will be made available initially only through the Microsoft Download Centre and then released through Windows Update and Windows Server Update Services within the next few days,” Forstrom wrote. “This allows customers the option to deploy it manually now without delaying for broader distribution.”
More than 10,000 London black cab drivers sue Uber claiming company acted illegally to obtain…
Liverpool's Alder Hey children's hospital turns away electric car from car park due to 'fire…
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant