Subscribe to our RSS Feeds

Welcome to Bad Windows!

Microsoft sounds alert on massive Web bug

Add comments

Microsoft on Friday warned users that a critical bug in ASP.Net could be exploited by attackers to hijack encrypted Web sessions and pilfer usernames and passwords from Web sites.

The vulnerability went public that same day when a pair of researchers outlined the bug and attack techniques at the Ekoparty Security Conference in Buenos Aires.

According to Microsoft’s advisory, the flaw exists in all versions of ASP.Net, the company’s Web application framework used to craft millions of sites and applications. Microsoft will have to patch every supported version of Windows, from XP Service Pack 3 and Server 2003 to Windows 7 and Server 2008 R2, as well as other products, including its IIS and SharePoint server software.

Read more at ComputerWorld

Uncategorized September 22nd 2010

Leave a Reply

*


five + = 11