Hot on the heals of the Linux 64bit kernel exploit, Microsoft has announced a vulnerability in its ASP.Net framework on Server 2003 and 2008.

However they have not yet received any reports of attacks taking advantage of this vulnerability, but they advice all customers to review their advisory for mitigations and workarounds.

An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.-Microsoft

To find out more about this vulnerability and the workarounds recommended by Mircrosoft, look under the “Workarounds” section on this page.

About the Author:

Hamish joined Bobcares in July of 2004, and since then has grown to be well versed in the Control Panels and Operating systems used in the Web Hosting industry today. He is highly passionate about Linux and is a great evangelist of open-source. When not at work, he keeps himself busy populating this blog with both technical and non-technical posts. When he is not on his Xbox, he is an avid movie lover and critic