Microsoft is warning of an unpatched vulnerability in ASP.NET.
“The flaw affects all versions of the .NET Framework, but so far Microsoft is not aware of any in-the-wild attacks, Dave Forstrom, director of Microsoft Trustworthy Computing, said in a blog post,” writes SC Magazine’s Dan Kaplan. “However, the software giant anticipates exploit code to quickly be developed, and security experts said an emergency fix could come as early as this week.”
“What makes the bug particularly worrisome is that it enables attackers to use limited means to launch a devastating denial-of-service (DoS) attack against [a] web server,” Kaplan writes.
Go to “Microsoft scrambles to address widespread ASP.NET bug” to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.