ASP.Net zero day vulnerability - Padding Oracle exploit

 An ASP.Net cryptograhic zero day was publicly disclosed today.

Microsoft has released an advisory to help customers understand the vulnerability and apply workarounds to secure their sites. The advisory is at http://www.microsoft.com/technet/security/advisory/2416728.mspx.

The Microsoft Security Response Center (MSRC) has released a blog at http://blogs.technet.com/b/msrc/archive/2010/09/17/security-advisory-2416728-released.aspx.

The Security Research & Defense (SRD) team at Microsoft has also released a blog that contains a script to help detect vulnerable installations. The blog is located at http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

You can check out more details on Scott Guthrie’s blog at http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx

> UPDATES HERE <

Published Saturday, September 18, 2010 4:03 AM by naziml

Comments

No Comments
Powered by Community Server (Commercial Edition), by Telligent Systems