Microsoft releases emergency ASP.NET patch
10/19/2010 10:19 AM
Microsoft recently warned .NET developers about a vulnerability in its ASP.NET web application development toolkit and released an emergency security patch to fix the problem.
The vulnerability had been exploited for weeks. It gave attackers a way to read any file on a web application server. Microsoft listed the flaw as "important," but the Internet Storm Center of the independent security company SANS Institute says Microsoft underestimated it.
According to Microsoft, "in Microsoft .NET Framework 3.5 Service Pack 1 and above, this vulnerability can be used by an attacker to retrieve the contents of any file within the ASP.NET application, including web.config." Microsoft said the vulnerability could be used to tamper with and decrypt data.
According to the Register, the vulnerability stems from a cryptographic weakness: improper error handling during encryption padding verification.
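The class of error-handling weakness described above, as an added example that is not ASP.NET's or Microsoft's code: a handler that answers a padding failure differently from other failures, beside one that authenticates the ciphertext first and gives a single response for every failure. The handler names, the `res=` prefix and the XOR stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, os
BLOCK = 16

class PaddingError(Exception): pass

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("invalid padding")
    return data[:-n]

# Stand-in block cipher (XOR with the key): NOT secure, stdlib-only placeholder for AES.
def cbc_encrypt(key, plaintext):
    n = BLOCK - len(plaintext) % BLOCK
    padded = plaintext + bytes([n]) * n          # PKCS#7 padding
    out = [os.urandom(BLOCK)]                    # random IV
    for i in range(0, len(padded), BLOCK):
        out.append(xor(xor(padded[i:i + BLOCK], out[-1]), key))
    return b"".join(out)

def cbc_decrypt(key, blob):
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    return unpad(b"".join(xor(xor(c, key), p) for p, c in zip(blocks, blocks[1:])))

def seal(enc_key, mac_key, plaintext):
    blob = cbc_encrypt(enc_key, plaintext)       # encrypt, then MAC the ciphertext
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def weak_handler(key, blob):
    """Weak: the response shows whether a modified ciphertext had valid padding."""
    try:
        text = cbc_decrypt(key, blob)
    except PaddingError:
        return 500, "padding error"
    return (200, "ok") if text.startswith(b"res=") else (404, "not found")

def hardened_handler(enc_key, mac_key, token):
    """Hardened: check the MAC before decrypting; one response for every failure."""
    blob, tag = token[:-32], token[-32:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return 400, "bad request"
    try:
        ok = cbc_decrypt(enc_key, blob).startswith(b"res=")
    except PaddingError:
        ok = False
    return (200, "ok") if ok else (400, "bad request")
```
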
Shortly after the .NET emergency patch, Microsoft released a record 49 security updates on October 12. Many of the Microsoft patches are for older versions of Office and Internet Explorer, including critical updates for Internet Explorer 6, 7 and 8.
About SetFocus
In business since 1997, SetFocus is the global leader in selecting, training, placing,
and supporting Microsoft professionals worldwide. Through strategic relationships,
SetFocus develops programs that directly source skilled professionals to meet the
immediate hiring needs of its partners. A Microsoft Gold Certified Partner for Learning
Solutions, SetFocus utilizes a unique combination of services to help organizations
grow, allowing them to meet marketplace opportunities with speed and agility. SetFocus
has won semi-finalist awards for both the Ernst & Young Entrepreneur of the Year
as well as the New Jersey Family Business of the Year. It is currently ranked on
Inc. 5,000 fastest growing companies in America. For more information, SetFocus
can be reached at +1-886-91-TRAIN and through its website,
SetFocus.