New security vulnerabilities in ASP. NET allow attackers to access arbitrary files.

Source: Internet
Author: User

Microsoft Security Response Center recently released the latest security warning, reminding ASP. NET users to prevent a new security vulnerability. Attackers can exploit the latest vulnerability in the ASP. NET encryption module to access any files including web. config. This vulnerability exists in all versions of ASP. NET that have been released, and its impact cannot be underestimated. No Patches have been released. Developers and maintenance personnel are invited to strengthen defense.

It is reported that the new vulnerabilities in the ASP. NET encryption module allow attackers to decrypt and tamper with arbitrary encrypted data. If ASP. NET applicationProgramASP. NET 3.5 SP1 or later is used. Attackers can use this encryption vulnerability to request any file content in ASP. NET applications. Some stream-spreading attack cases on the network show that attackers can exploit this encryption vulnerability to obtain the content of the Web. config file. In fact, once an attacker obtains the access permission of the Worker Process of the Web application, the attacker can access arbitrary files in the application.

Microsoft said it is currently working with its partners to provide temporary protection measures for its users before Microsoft releases patches. Microsoft pointed out that after completing the investigation of this vulnerability, the company will provide security upgrades during the monthly routine patch release, and may also release unconventional patches as appropriate.

Operating systems affected by this vulnerability in ASP. NET include Windows XP SP3, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

For more information about this vulnerability, visit: http://www.microsoft.com/technet/security/advisory/2416728.mspx

Link: http://www.cnbeta.com/articles/122277.htm

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.